Threatucation Logo
CALL US
302-537-4198
Creating a Culture of Cyber Security in small- to mid-sized organizations
  • Home
  • Services
    • Risk Assessment
    • Security Policies
    • Security Awareness Training
    • Scam Support
    • Cyber Security Solutions
    • Backups
  • Security Awareness Training
  • Testimonials
  • About
  • Blog
  • Reports
  • Contact

Security Awareness not Just for Employees

March 1, 2021 by Eric Magill

An article I read this morning on one of my security web sites reminded me of the need for small business executives to understand that when it comes to cyber security awareness, they are also employees — but with a twist — they hold the keys to the kingdom.

While a higher percentage of CEOs and business owners now recognize the threats small organizations face from hackers than they used to, it is likewise true that cyber criminals have recognized the value of attacking them directly because they have access to the most sensitive information a company handles.

The article I read pointed to a discovery by researchers at the security software developer Trend Micro that found that 45 percent of the phishing attacks they studied directly targeted the CEO’s email address rather than everyone in the organization (anecdotally, I have seen an increase in direct attacks on CEOs, as well).

Also known as “whaling” because the CEO is considered the big fish in a company, that’s almost as many attacks against the CEO as everyone else in those organizations combined. Managing Directors and Chief Financial Officers are also frequently targeted at 9.7% and 4.8%, respectively.

What makes this important is that I encounter executives who at times consider themselves to be almost immune to the attacks their employees face.

From the article, quoting Ryan Flores of Trend Micro, CEOs and other top executives sometimes view email security mechanisms or policies as “an inconvenience to them” and because of that, they behave like they are “an exception to the rule.”

I offer this blog less as an admonishment of SMB executives as a reminder that they, too, are as susceptible to Social Engineering attacks like phishing and whaling emails as their employees. Executives need to be even more vigilant, though, as these attacks increasingly focus on them specifically and the sensitive nature of what they know and have access to.

To create a culture of Cyber Security that starts from the top down in the hierarchy of your organization, contact me personally at ericm@threatucation.com or 302-537-4198 to discuss a Cyber Security Awareness Training program tailored to you and your employees.

Filed Under: cyber security, Security Awareness Training, Social Engineering Tagged With: #cybersecurity, security awareness training, securityawareness, social engineering

Share:

Meet With Us!

Schedule an Online Meeting with Threatucation to start developing a Culture of Cyber Security in your organization.

Latest News

  • How Often to Conduct Cyber Security Awareness Training? July 7, 2022
  • You’re Still Not too Small May 13, 2021
  • Cyber Security Tips for Protecting Law Firms March 31, 2021
  • Security Awareness not Just for Employees March 1, 2021

FOLLOW US

Contact Us

Form for requesting a free cyber security risk assessment.

Copyright © 2023 · Threatucation