CEOs and other executives are often the main targets of social engineering on Facebook. Social engineering basically means that hackers counterfeit a page to impersonate a brand or individual. These criminals want to steal your information and may try to access your company’s confidential systems to steal information or money. Executives are major targets because they hold the keys to the — sometimes very large — kingdom. Recent studies suggest that C-level executives also put their company at risk by ignoring or failing to understand the importance of security protocols. Therefore, everyone in the organization needs to follow the company’s preventive policies and procedures. Jason Simons, an Austin IT services professional, shares insights into how CEOs and executives can reduce their exposure from social engineering.
Why Are Executive Particularly Vulnerable to Facebook Impersonators?
Executives are used to cutting through red tape, believing that the rules don’t apply to them. They have demanding jobs and expect exemption from inconvenient rules, such as security best practices. Also, they sometimes put false faith in capabilities that are beyond the scope of their current security protocols. For example, an executive might open up a suspicious email that infects their machine. Instead of taking responsibility for the lapse, they might jump straight to asking security why they weren’t protected — from themselves. It’s great to have faith in your team, but many times, cybersecurity relies on the vigilance of all users to keep hackers out of the network. If you are a leader, it’s crucial that you follow the rules; and set a good example for the rest of the staff.
How Can the Latest Technology Pose a Cybersecurity Threat?
C-level leaders make great targets for digital thieves when they get new devices that aren’t on the radar of the security team. You might think that new devices are safer than older models or devices. Unfortunately, that’s not true. In reality, the newest technology probably hasn’t been vetted for potential risks, meaning the network doesn’t yet have any defense against viruses written to attack new devices. It’s relatively easy for a determined hacker to gain entry into work systems you access from newer devices.
How Can Cybercriminals Get to C-Level Leaders Through Their Families?
To avoid the usual monitoring of employee activity, hackers may target an executive’s spouse or kids. Getting a family member to download a virus described as a discount on Facebook pays off when the executive shares a computer with family members. All you have to do is answer work email or log into a web-based application tied to the company network. Cybercriminals just need one point of entry to wreak havoc on your company’s network and sensitive data.
How Successful Are Impersonators Related to Social Engineering?
ZeroFOX looked at 40,000 Facebook impersonator profiles, examining 1,000 of them in depth. Here are some of the findings:
Impersonators increased about 11x in a two-year period ending December 2016. Account impersonators are found on Twitter, Facebook, and Instagram. Some used YouTube to promote false profiles. About half of all social media impersonators deliver their malware through a fake coupon or free giveaway. Impersonators clear out accounts and leave them an idol to prevent detection and may later use them in new ways.
If you are a business executive, it’s a good idea to do frequent searches on your name and title to identify possible impersonation accounts. Following safe cyber hygiene, such as not opening suspicious emails and registering new devices with your cybersecurity team, is a great way to protect your company, and potentially your livelihood.