June 25, 2013 by Canadian Underwriter
An average of one-third of Fortune 500 corporate executives are falling for phishing attacks, suggests a security awareness and training company in the United States.
Actual simulated phishing attack results show that C-level executives may be most likely to take the bait and fall for simple or sophisticated spear phishing attacks, Pittsburgh-based Wombat Security Technologies noted in a statement Tuesday.
Attacks may take the form of electronic faxes, fake conference registrations, shipping confirmations and social media password resets.
“Wombat’s data reveals some senior executives are actually submitting login credentials, which may be exposing their company to harmful data breaches,” the statement notes. The company offers the following tips:
Know your numbers – If trying to sell security awareness internally, it is good to know the cost of not investing (damage to brand reputation, loss of intellectual property, cost of cleaning PCs and unnecessary helpdesk calls, among other things);
Remember the executive assistant – Anyone who has access to the executive’s e-mail may be vulnerable to phishing attacks, meaning that training people in these roles is just as important as training executives;
Quantify the opportunity cost of remediation – If the security team had fewer threats or breaches to chase, what proactive or revenue-generating projects could be accomplished?
“My time is too valuable” is not an answer – If there are stats to back up the need for training, there is no reason to let the executive team off the hook. Everyone needs to be educated about information security risks and the CEO and the executive team can lead by example.