Cyber-criminals are starting to show a pattern.
A new study shows that 71% of data breaches at companies involved attacks on employees’ devices, compared with 54% of attacks being aimed directly at a company’s servers. Also, 76% of the attacks exploited weak or stolen log-in information. Those credentials are often stolen from users with malware, phishing and other scams.
But the more interesting part of Verizon’s 2013 Data Breach Investigations Report, which analyzed 621 data breaches investigated in 2012, reveals which type of employees are most often targeted.
The two most common targets? Managers and executives.
In 69% of attacks studied by Verizon, the target was unknown. But the next two categories on the list were executives and managers, targeted in 16% and 11% of attacks, respectively.
This makes sense as managers, executives and any high level employees usually have access to highly sought-after data. Leaders of companies also have higher profiles — it’s easier for a hacker to do their research.
Get them trained
Though many companies train their lower- and mid-level employees to avoid cyber attacks and suspicious emails, studies like this show that it it’s just as important to train higher-level members of the organization — from the CEO, all the way down.
That’s why training is absolutely essential for executives. Coordinate with the CIO or head of IT to set up training presentations for executives and managers. It doesn’t need to be a fancy hours-long presentation with all the bells and whistles, but it should get everyone educated on the risks higher-level employees face with their devices.
It’s important to emphasize responsibility here. It may be tough to get other execs to listen to basic IT training, but frame it as their responsibility to the company — and to the bottom-line.
What types of IT training does your company employ? Is there a focus for specifically training executives and managers? Let us know in the comments below.