Log in
Forgot password ?
Become a member for free
Sign up
Sign up
Dynamic quotes 

MarketScreener Homepage  >  Equities  >  Toronto Stock Exchange  >  BlackBerry Ltd    BB   CA09228F1036


News SummaryMost relevantAll newsOfficial PublicationsSector newsAnalyst Recommendations

BlackBerry : C-Level Executives Face High-Level of Risk for Business Email Compromise

share with twitter share with LinkedIn share with facebook
share via e-mail
07/24/2019 | 10:25am EDT
C-Level Executives Face High-Level of Risk for Business Email Compromise
NEWS / 07.24.19 / Scott Scheferman

When it comes to enterprise security, the people at the top are most vulnerable to cyberthreats, according to Verizon's recently released 2019 Data Breach Investigations Report. The report found that C-level executives are being increasingly and proactively targeted by social breaches for financial gain. In fact, Verizon found that senior executives are 12 times more likely to be the target of social-engineered attacks and nine times more likely to be the target of social breaches.

Why C-level Execs Have a Big Target on Their Backs

With their unchallenged approval authority and privileged access to critical systems, C-level executives are ripe for cyberattacks. Additionally, there are a number of logistical reasons that make them such easy targets. For one, they're often on the move, and as a result, make quick decisions about important business actions via a small interface and a homogenous workflow on a mobile device. This makes them ideal 'muscle memory' targets. Executives are also public figures in most cases, with their personal information and email addresses readily available via open source intelligence (OSINT), which correlates into a higher level of risk for social breaches.

Verizon's report found that C-level executives are particularly susceptible to business email compromises (BECs). One of the main reasons for the uptick in this sort of attack is that the threat landscape now largely revolves around the misuse of stolen credentials, and executives are often the last people to fully implement two-factor authentication (2FA) to safeguard themselves. To put the sheer gravity of this situation into perspective, there are now in fact more stolen records than there are human beings on Earth, meaning malicious actors possess a massive pool of credentials to help them orchestrate an attack. And because executives' lives and movements are easily discerned via OSINT, it's easy for cybercriminals to craft a social engineering attack or spear phishing email with timely pretext that makes them look all the more credible.

Executives also tend to suffer from a mindset that cybersecurity does not apply to them. They tend to forgo the personal upkeep of security best practices by relying too heavily on the dangerous assumption that their IT staff can take care of and catch any suspicious activity. There's also a certain degree of denial among the C-level, to the effect that they have nothing a cybercriminal could possibly want that they don't already have. Time and again, these end up being famous last words, especially considering the fact that executives make more money and tend to have better credit-prime motivators for extortion or identity theft amongst cybercriminals. Thus, the C-level tends to have more to lose in their personal and professional lives than most.

The Rise of Business Email Compromises

There are numerous motives that have made business email compromise a go-to attack method for cybercriminals. For starters, it's a relatively easy way to financially extort an executive. Whether it's the straightforward theft of trade secrets or business decisions, a cybercriminal can easily game the stock market from the information gathered through BECs or profit by gleaning information on a product line's production, price, roadmap or inventory.

Other times, a BEC is initiated to subsequently reset passwords via password recovery options in enterprise applications or personal financial applications. That's because hacking an email account grants attackers access to many other applications for which that email account was used to register. In finance attacks, BEC is often leveraged to send emails to subordinates with explicit requests or instructions to conduct an action that facilitates a transaction resulting in fraud.

Threat actors are also quickly learning that the actual compromise of systems is not needed in order to extort an executive into paying a ransom. So, why would they add the complexity and technical dependencies on something like ransomware that encrypts hard-drives if they can simply compose an email 'close enough to home' to gain leverage over an executive? Financially motivated attackers know to take the shortest path with the highest chance for success and the least amount of risk. More often than not, that equates to a simple, well-composed email with a clear-cut demand.

A-level Security for the C-level

Fear not, C-level-there are many steps one can take to safeguard against the rise of business email compromise and other social-engineered attacks. For starters, let's revisit the process of 2FA, which can provide simple, high-security user authentication to safeguard all of your critical systems from email and beyond. BlackBerry 2FA provides enterprises with two-factor authentication to every type of user (C-level included) inside and outside of an organization. It supports unmanaged devices and those managed by a third party as well, so it can easily map onto almost any device one might use.

Once a user registers a mobile device, they can access critical systems by entering their usual password and clicking 'OK' on a registered device to authenticate. This eliminates the frustration of the complex authentication process, removes the need to remember PINs or manually transcribe code and offers a superior, one-click user experience that requires no IT support to set up.

Beyond 2FA, BlackBerry also offers BBM Enterprise, a secure, enterprise-grade messaging platform with end-to-end security and privacy. This tool is especially useful for users on the go like C-level executives because it allows them to do everything they want and need with the added bonus of high-level encryption and protection. Best of all, BBM Enterprise offers support across multiple platforms with powerful controls and IT policy management from a single, on-premise or cloud-based console.

Lastly, for an added layer of security around email, enterprises should consider the secure BlackBerry Work app, which combines enterprise email, calendar, document access and more into a secure mobile workforce. BlackBerry Work facilitates a seamless mobile business experience that doesn't sacrifice security. Thanks to next-generation containerization, BlackBerry Work protects all business data on corporate-owned or BYOD devices. And with powerful business-class email, executives can protect against BECs thanks to an advanced warning system that singles out messages from unauthorized sender domains.

Education and Awareness Matters…but Technology Is the Answer

While awareness and education of end users is still important, it is not enough to prevent modern threats from causing damage. Users, particularly business executives, will eventually click on a malicious link or file because they're only human. Nonetheless, it's imperative that executives understand the risks associated with their standing and that the threat landscape around them is increasing in both volume and sophistication. Armed with this perspective, executives can formulate a winning cybersecurity strategy that protects both themselves and their company.

A key component of that strategy is to leverage the current AI revolution by investing in predictive threat protection. CylancePROTECT helps enterprises get in front of malicious cyberattacks thanks to artificial intelligence that works to prevent attacks before they can damage an executive's devices or reputation. The predictive, continuous threat protection of CylancePROTECT offers enterprises a massive advantage against attacks both current and future, even if a company or its executives aren't up to date on the latest security best practices or updates. To learn more about predictive enterprise security, click here.

Be Proactive but Plan and Rehearse for All Contingencies

BlackBerry Cylance's renown consulting practice includes services designed to provide holistic protection for executives. Having performed thousands of Compromise Assessments and Incident Response & Containment engagements over the last six years, this practice offers a menu of both proactive and reactive services, including:

  • Table-top threat and crisis management engagements
  • SOC (security operations center) playbook and automation services
  • Insider-threat protection programs
  • BEC-focused red-teaming
  • IR training
  • Related program development

These services are able to meet the needs of an organization of any size and are designed to best position your organization to proactively prevent threats like BEC that target executives while also providing the reassurance of rapid incident containment services ready to go at a moment's notice. A list of some of these services can be found here. Bottom line: your A-plan should always be one of proactive security, but having a Plan B on the back burner will only further protect you.

About Scott Scheferman

Senior Director Professional Services Consultant



BlackBerry Ltd. published this content on 24 July 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 24 July 2019 14:24:03 UTC

share with twitter share with LinkedIn share with facebook
share via e-mail
Latest news on BLACKBERRY LTD
08/16BLACKBERRY : Again Positioned as a Leader in Gartner's 2019 Magic Quadrant for U..
08/16BLACKBERRY : Again Positioned as a Leader in Gartner's 2019 Magic Quadrant for U..
08/15BLACKBERRY : How Asset Tracking Helps Address Cargo Theft
08/13BLACKBERRY : Why BlackBerry Continues to Be a Magic Quadrant Leader in Unified E..
08/07BLACKBERRY : Research Lifts the Veil on Penetration Testing Practices that Under..
08/06BLACKBERRY : Advances Real-Time Adaptive Security and Artificial Intelligence Wi..
08/05INTRODUCING BLACKBERRY INTELLIGENT S : Adaptive Security and AI to Protect Mobil..
08/05BLACKBERRY : Advances Real-Time Adaptive Security and Artificial Intelligence Wi..
08/02BLACKBERRY : Workplace chat apps fuel innovation. So, why aren't they secure?
07/24DON'T BE FOOLED : Leveraging the Cloud for Endpoint Security Without Dependencie..
More news
Financials (USD)
Sales 2020 1 134 M
EBIT 2020 43,1 M
Net income 2020 -72,3 M
Finance 2020 471 M
Yield 2020 -
P/E ratio 2020 -68,8x
P/E ratio 2021 -1 375x
EV / Sales2020 2,91x
EV / Sales2021 2,48x
Capitalization 3 770 M
Duration : Period :
BlackBerry Ltd Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends BLACKBERRY LTD
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus HOLD
Number of Analysts 15
Average target price 9,53  $
Last Close Price 6,88  $
Spread / Highest target 60,8%
Spread / Average Target 38,6%
Spread / Lowest Target 16,4%
EPS Revisions
John S. Chen Executive Chairman & Chief Executive Officer
Bryan Palma President & Chief Operating Officer
Steven M. Capelli Chief Financial Officer
Charles Eagan Chief Technology Officer
Barbara G. Stymiest Independent Director
Sector and Competitors
1st jan.Capitalization (M$)
SYNOPSYS54.25%19 478
SPLUNK INC20.86%18 856