The recent cyberattack on Reddit shows that relying solely on multi-factor authentication (MFA) is not enough to prevent hackers from gaining access to sensitive information. While MFA is an important security measure it’s simply one piece to a larger security strategy. Additionally, Reddit hack highlights the importance of security training for all employees, particularly those who support executives. One growing threat to executives is cyber extortion. In this type of attack, hackers gain access to sensitive information and threaten to release it publicly, unless a ransom is paid. The target of these attacks isn’t just the executive, but the support staff around them; family, friends, assistants, etc. These attacks can be devastating for individuals and companies, as they can result in reputational damage, financial loss, and legal ramifications.
A 2022 study by Cybersecurity Ventures predicts that global cybercrime costs will reach $10.5 trillion annually by 2025, with cyber extortion being a significant contributor to this figure.
The average cost of a cyber extortion attempt was $210,000 in 2021, according to a report by Mimecast.
In 2021, 31% of organizations experienced cyber extortion attempts, with 33% of those attempts being successful, as reported by the same Mimecast report.
According to a 2023 study by Barracuda Networks, 75% of organizations surveyed reported falling victim to at least one successful email attack in the last 12 months, with those affected facing average costs of more than $1 million to recover from their most expensive attack.
The financial impact of attacks has increased radically over the last year, according to 23% of those affected.
The fallout from a successful email security attack can be significant and damaging, including downtime and business disruption affecting 44% of those that had been hit, loss of sensitive, confidential, and business-critical data affecting 43%, and damage to brand reputation affecting 41%.
Overall, these statistics highlight the significant financial and reputational costs associated with digital executive extortion, as well as the importance of investing in email security and educating employees, especially those in support roles around executives, to prevent successful attacks. Organizations should implement measures to ensure remote workers follow security policies and enable secure remote access to business applications and critical data. To prevent executive cyber extortion, companies need to take a holistic approach to cybersecurity. This includes implementing strong security measures like MFA, in addition to educating employees on best practices and identifying potential threats. Specifically, educating the support staff around executives is critical, as they often have access to sensitive information and may be targeted by hackers as a means of gaining access to executive accounts.
Executive Risk can come in many ways and from a breadth of vectors. 360 Privacy offers a full suite of Digital Executive Protection solutions for a tailored experience to executives and their families.