3 Crucial Tips to Avoid a Cyber Whaling Attack

This is one more phishing trip you'll really want to avoid

When you hear the term “Cyber Whaling Attack,” maybe your mind goes to Captain Ahab and his dogged pursuit of the giant white whale in the classic novel, Moby Dick...

... And you would be right.

Except, in this case, you – the manager or executive – are the whale that’s hunted. Why? Because you have high-level access to your company’s IT environment, personnel records, client files, financial information, and proprietary data. You are the whale that the cybercriminals want to land because you have unprecedented access.

Cyber Whaling attacks are a specialised form of the more common phishing attacks seen every day in nearly every company across the globe. Usually, common phishing attacks come by email and are filtered out of your employees’ inboxes by your email security software.

Cyber Whaling is Different than Common Phishing Attacks

Phishing can be broken up into three categories.


  • Phishing – Emails with malicious links, attachments and social engineering ploys sent out en masse to hundreds of thousands of email boxes.
  • Spear Phishing – Targeted emails with malicious links, attachments and social engineering ploys sent out to one individual to gain a specific result.
  • Whale Phishing (Cyber Whaling) – Top-level company execs or managers with admin access are targeted individually (usually via email) for the purpose of gaining access to their system credentials and company data.

Some scary statistics...

88%

Up to 88% of UK companies have suffered breaches in the last 12 months.

*Source Carbon Black

19 seconds

One small business in the UK is successfully hacked every 19 seconds.

*Source Hiscox Insurance

Breach

Thirty-seven percent of UK companies have reported a data breach incident to the Information Commissioner’s Office (ICO) in the past 12 months.

33%

Thirty-three percent of UK organizations say they lost customers after a data breach.

*Source Forrester

Is Cyber Whaling Damaging for a Company?

Yes. Anytime a cybercriminal has access to a high-level manager’s credentials or an executive’s laptop, it’s time to worry. Damage that has been done via Cyber Whaling attacks includes:


  • Deployment of ransomware and demand of money
  • Theft of proprietary data
  • Theft and criminal use of financial information (company and clients)
  • Theft of personal information and use of such for embarrassment/blackmail
  • Damage to company IT systems using stolen admin credentials

What 3 Steps Should You Take to Combat the Potential of Cyber Whaling Attacks?

Step One - Protocols and Policies


Company CEOs, CIOs, and CFOs have to be on guard and realize that, despite their position, they cannot treat themselves as exempt from IT security best practices. Partnering with a professional cybersecurity management team like ours gives you the IT protocols and policies that must be followed by everyone within the company – but especially those in the C-suite. Because of their wide-ranging access to IT systems and company data, executives and high-level management must take extreme care to follow established and proven policies and protocols.


Step Two - Endpoint Security and Next-Gen Antivirus


Today’s criminals are finding ways around firewalls and traditional antivirus software. To combat this emerging threat, your IT and data need to be protected with security measures that lock down endpoints such as laptops, workstations, mobile devices, and IoT devices. Anything connected to the internet needs to be individually secured. Umbrella security is a thing of the past. Next-Gen antivirus plays a role in this cutting-edge endpoint security protocol.


Step Three - Cybersecurity Education for Managers and Executives


While learning about how cybercriminals are targeting you and how to avoid falling into their traps is the last thing you want to add to your bucket list, it’s a critical step in avoiding becoming an IT security liability in your company. Our IT team works with managers and executives from companies like yours every day to help them be aware of the tactics of cybercriminals. We do this through email educational updates, online training, and in-person cybersecurity consultations.

Want to find out whether your cybersecurity precautions are up to industry standard? Give us a call to begin a no-obligation conversation.


Don't become a statistic.
