2019 Data Breach Investigations Report. Photo courtesy of VerizonReport: Executives Likely to Be Targeted for Cybercrime
Cybercriminals are finding it more lucrative to scam executives and get money through business email compromise scams, cybersecurity attorneys say.
May 13, 2019 at 07:12 PM
3 minute read
Executives of corporations are increasingly being targeted by cybercriminals because of their access to data and ability to engage in social engineering, according to the 2019 Verizon Data Breach Report published last week.
The report was based on the analysis of 41,686 security incidents in 2018. The report noted 2,013 of those reports were confirmed data breaches. The analysis shows executives were compromised in 20% of data breach incidents studied in 2018.
It seems 71% of data breaches were financially motivated, according to the report, and the median amount stolen in a business email compromise scam was $24,439. Edward McAndrew, a partner at DLA Piper in Washington, D.C., said criminals are finding it more lucrative to scam executives and get money through business email compromise scams.
“There has also been a shift from stealing information in order to sell it and weaponizing accounts and systems to commit financial fraud,” McAndrew said.
Training goes a long way in preventing those attacks. Marcus Christian, a partner at Mayer Brown in Washington, D.C., said executives should be aware that they are targets of these kinds of attacks. He said they should put themselves in positions where they are less susceptible to attacks.
“People are more susceptible on a mobile device than they are on a computer,” Christian said. “In that medium you have a smaller screen and fewer ways of checking the authenticity of the messages you receive.”
The report further found that human resource departments are six times less likely to be targeted for an attack.
“I think the interesting thing about that is that Verizon's tracking of W2 scams really dropped a lot this year,” McAndrew said.
McAndrew explained that identities are cheap and more difficult to get. He said if hackers target an executive with a compromised business email, they'll have quicker access to funds because the executive is able to authorize the transfer of funds.
“One of the potential reasons why is that maybe we've gotten better at training on that and our human resources employees are not just falling for that scam as frequently,” McAndrew said.
The report also noted 57% of total breaches took more than one month to discover.
“We still see this dwell time gap where initial attack and compromise is taking minutes and discovery is taking months,” McAndrew said.
Jonathan Fairtlough, managing director of Kroll's cyber risk practice in Los Angeles, said in general the reason many of these attacks take time to discover is because many companies can't detect hackers once they are in a system.
“Most companies' [information technology] resources are focused on making sure everything runs well,” Fairtlough said.
Fairtlough said constant training helps, though companies should work to identify suspicious activity when it enters a system and find ways to monitor it before hackers steal important information.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
How Dana Rao Built a 'Yes' Culture at Adobe and Why He Walked Away
FTC Sues Cash-Advance Fintech Dave, Says It Deceives the 'Financially Vulnerable'
Discover Hires Interim Legal Chief as $35B Sale to Capital One Faces New Hurdles
Trending Stories
- 1Infant Formula Judge Sanctions Kirkland's Jim Hurst: 'Overtly Crossed the Lines'
- 2Election 2024: Nationwide Judicial Races and Ballot Measures to Watch
- 3Guarantees Are Back, Whether Law Firms Want to Talk About Them or Not
- 4How I Made Practice Group Chair: 'If You Love What You Do and Put the Time and Effort Into It, You Will Excel,' Says Lisa Saul of Forde & O'Meara
- 5Abbott, Mead Johnson Win Defense Verdict Over Preemie Infant Formula
- 6How Much Does the Frequency of Retirement Withdrawals Matter?
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
