Beware whale phishing and corporate espionage

Worrying trend likely to “really emerge” in 2018, says cyber expert

Beware whale phishing and corporate espionage


By Bethan Moorcraft

The people issue is one of the most concerning cyber risks there is.

Phishing scams are becoming ever more sophisticated and some companies are struggling to keep up – especially those without access to cyber security resources, insurance and risk management.

Organizations across the world have acknowledged the people problem in cyber, but are still finding it difficult to address it effectively. Phish attack training has reduced the average click rate in malicious emails to around 9-10% - but that still leaves on average one out of every 10 people falling for a phishing scam.

“We need to focus on people patching and the human firewall,” said Anthony Dagostino, global head of cyber risk at Willis Towers Watson. “This requires more effective training and awareness campaigns to make sure people aren’t clicking on things. Hackers know people are vulnerable and they will continue to prey on people in this way.”

In line with the ever-evolving cyber threat, phishing scams are also becoming more and more focused – and dangerous. A trend called ‘whale phishing’ is on the rise, where hackers target high profile, wealthy or prominent individuals (aka ‘big phish’) because of their status.

“We will see more whale phishing in 2018, where cyber criminals will target individuals based on things like their LinkedIn or Facebook profiles,” Dagostino told Insurance Business. “General counsel, chief financial officers and even board members are being very specifically targeted just for hackers to get certain information they have.

“It doesn’t necessarily have to be for a data breach – it’s really corporate espionage driven. They either want to get information on an up-coming acquisition, or future business plans that they can use for insider trading.”

Criminals are also taking advantage of whale phishing to transfer funds. Corporate espionage and funds transfer fraud are two threats likely to “really emerge” next year, Dagostino added.

Related stories:
Is cyber insurance prompting more cyberattacks?
"No industry is immune" to cyberattacks

Keep up with the latest news and events

Join our mailing list, it’s free!