03Business leaders are
highly vulnerable
to socially
engineered hacks

Britain’s business people are putting themselves in a highly vulnerable position by obliviously posting personal information online.

Digitalis research in association with YouGov March 2016

A recent City AM article, Cyber security: Business leaders are inadvertently leaving their companies open to threats from social engineering, lead with the release of Digitalis’s research. The findings were also cited by James Moore in his column for The Independent's final print edition on Saturday, Enter the scammers as executives ignore their inner cynics on social media.

Digitalis conducted detailed analysis in association with YouGov to further understand the risks surrounding socially engineered hacks. The findings highlight that Britain's business people are putting themselves in a highly vulnerable position by obliviously posting personal information online and not taking precautions to safeguard their digital footprint.

Cyber criminals are capitalising on the exposure of such data and using it to orchestrate socially engineered hacks. Information that may appear relatively innocent in isolation is being harvested in order to generate detailed profiles of potential victims, prior to an attack.

Casual online posting and a lack of attention to privacy settings on social media has given criminals access to a hotbed of useful information and targets. Victims can be researched thoroughly and easily, in order to plan a bespoke, malicious approach. As a result, the click-through rate on phishing emails has skyrocketed. These emails are now significantly more convincing because criminals can become embedded in the digital trail of their prey.

Business people are unknowingly exposed through a variety of online platforms. The explosion of the social media culture means a plethora of information is readily available and this is posing a serious risk. Our research reveals some highly concerning statistics about the awareness of the threat:

  • Only half of business people restrict who can see their profile on social media
  • Only 36% keep on top of privacy settings changes
  • Only a quarter of people regularly check what is online about them

The research highlights a disturbing trend - that people are less knowledgeable about how hackers use social media than previously thought. After a number of successful, high profile hacks during the last 12 months and rising media interest in the matter, Edward Lucas author of Cyberphobia, noted that our findings are particularly "alarming and timely".

Elaborating on the key problem further, Dave King explains, "Even firms with military grade technology have been caught out by the targeting of an employee via a beautifully bespoke phishing email - designed by a deep understanding of his or her interests - who effectively opens the door unwittingly to the attacker. Our research demonstrates just how naïve the board table is of this risk which should rank as high on the risk register as technical countermeasures."

Laura Toogood added, "It is vital that business leaders are aware of what information is publically available about them online. They must evaluate the risks and online landscape in order to implement effective countermeasures."

Find out more about Digitalis's Digital Cyber and Threat Audit

Digitalis  also offers training to assist with protecting against socially engineered hacks