{"id":16989,"date":"2025-03-12T08:54:22","date_gmt":"2025-03-12T12:54:22","guid":{"rendered":"https:\/\/joindeleteme.com\/?post_type=b2b-post&#038;p=16989"},"modified":"2025-06-10T09:27:16","modified_gmt":"2025-06-10T13:27:16","slug":"creating-an-executive-cyber-security-training-program-that-works-against-personalized-threats","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/creating-an-executive-cyber-security-training-program-that-works-against-personalized-threats\/","title":{"rendered":"Creating an Executive Cyber Security Training Program That Works Against Personalized Threats"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#executive-cyber-security-training-has-never-been-more-crucial\">Executive Cyber Security Training Has Never Been More Crucial\u00a0<\/a><\/li><li><a href=\"#how-to-train-executives-to-withstand-personalized-threats\">How to Train Executives to Withstand Personalized Threats<\/a><\/li><li><a href=\"#ai-has-made-it-easier-to-launch-cyber-attacks-against-executives\">AI Has Made It Easier to Launch Cyber Attacks Against Executives\u00a0<\/a><\/li><li><a href=\"#secure-companies-build-training-programs-with-these-2-inputs\">Secure Companies Build Training Programs with These 2 Inputs\u00a0<\/a><\/li><li><a href=\"#boost-your-executive-cyber-security-training-program-with-personalized-data-removal\">Boost Your Executive Cyber Security Training Program with Personalized Data Removal<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p><strong>TL;DR<\/strong>: Executive cyber security training helps defend executives against some cyber risks. However, training must be augmented with data removal to protect executives from personalized threats.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Personalized threats are threats that target executives specifically by using detailed information about them.&nbsp;<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Personalized threats defeat executive cyber security training because they use personal data (such as professional roles, contact details, and even family member information) to create highly convincing and contextually relevant attacks.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DeleteMe supplements executive cyber security training by keeping personal data away from cybercriminals.<\/strong><\/li>\n<\/ul>\n\n\n\n<p>AI advancements make it easier for criminals to build sophisticated attack chains.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"810\" height=\"562\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/aiphishingscams-3.png\" alt=\"Financial Times' headline: &quot;AI-generated phishing scams target corporate executives.&quot; \" class=\"wp-image-16991\" style=\"width:605px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/aiphishingscams-3.png 810w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/aiphishingscams-3-300x208.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/aiphishingscams-3-768x533.png 768w\" sizes=\"(max-width: 810px) 100vw, 810px\" \/><\/figure>\n\n\n\n<p>Companies that protect their executives against AI attacks will increasingly depend on combining cybersecurity training with personal data protection solutions.&nbsp;<\/p>\n\n\n\n<p>Combining training with personal data protection covers two bases, making it less likely an executive will engage with a personalized cyber threat and making it harder for someone to create that threat in the first place.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"executive-cyber-security-training-has-never-been-more-crucial\">Executive Cyber Security Training Has Never Been More Crucial&nbsp;<\/h2>\n\n\n\n<p>Executives are attackers\u2019 prime targets.&nbsp;<\/p>\n\n\n\n<p>According to <a href=\"https:\/\/www.getapp.com\/resources\/senior-executive-target-cyberattacks-how-keep-secure\/\" target=\"_blank\" rel=\"noreferrer noopener\">one recent study<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>72% of US senior executives were targeted at least once by a cyberattack in the last 18 months.<\/li>\n\n\n\n<li>69% of respondents whose company\u2019s senior executives were previously targeted say cyberattacks against senior staff have increased.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Criminals target executives because:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Executives often have direct access (as administrator) or control over people with access to their organization&#8217;s most valuable assets. Bank accounts, customer data, the ability to approve large transactions, etc.&nbsp;<\/li>\n\n\n\n<li>They tend to be \u201cpublic personas,\u201d i.e., their personal information is usually available on social media, company websites, and professional networks. Attackers can use this data in their attacks, for example, to create personalized phishing attacks that are hard to detect.&nbsp;<\/li>\n\n\n\n<li>People with packed schedules (like executives) are more likely to make quick decisions or overlook subtle red flags (e.g., in social engineering attacks). It might even make them skip cyber training. In the study mentioned above, among the companies who said they don\u2019t prioritize extra cyber training for senior executives, 34% said this was due to resistance from senior leadership to participate in training due to time constraints.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-train-executives-to-withstand-personalized-threats\">How to Train Executives to Withstand Personalized Threats<\/h2>\n\n\n\n<p>How do organizations protect their executives against modern threats? We see secure organizations build training programs with three core training content and process inputs.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Put a spotlight on social engineering&nbsp;<\/h3>\n\n\n\n<p>Attackers often target people through the same hooks that sales might use, e.g., needs, desires, wants, and (most of all) points of contact they already know.&nbsp;<\/p>\n\n\n\n<p>Social engineering attacks, such as phishing, spear phishing, and pretexting, all rely on hooking a target executive with a point of relevance, like a hobby they have, the school they went to, their job responsibilities, etc., that will get them to put their guard down and engage with what is really a scam.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/socialengineeringpost-1024x515.png\" alt=\"LinkedIn post about social engineering \" class=\"wp-image-16992\" style=\"width:674px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/socialengineeringpost-1024x515.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/socialengineeringpost-300x151.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/socialengineeringpost-768x387.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/socialengineeringpost.png 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>A <a href=\"https:\/\/www.helpnetsecurity.com\/2018\/11\/14\/pathe-bec-scam\/\" target=\"_blank\" rel=\"noreferrer noopener\">real-world example<\/a> of a personalized spear phishing campaign targeting executives is the attack on the French cinema group Path\u00e9.&nbsp;<\/p>\n\n\n\n<p>Here, cybercriminals sent Path\u00e9 Nederland director an email that looked like it came from the chief executive of the French parent company, falsely claiming a need for urgent funds related to a business acquisition.&nbsp;<\/p>\n\n\n\n<p>Despite a few inconsistencies, the email successfully manipulated internal communications, leading to multiple fraudulent transfers before the deception was uncovered.<\/p>\n\n\n\n<p>The above campaign &#8211; and many executive social engineering attacks &#8211; is only made possible when an attacker can get an executive\u2019s email address alongside their job description and company hierarchy.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Have a game plan for personalized threat campaigns<\/h3>\n\n\n\n<p>Executive social engineering campaigns, like the one in the previous point, rely on attackers being able to find executives&#8217; personal information, like their email addresses, roles, and communication styles.&nbsp;<\/p>\n\n\n\n<p>The result is highly personalized messages that increase the likelihood of the executive engaging with the phishing attempt.&nbsp;<\/p>\n\n\n\n<p>All the security awareness training in the world won\u2019t work against an attacker who really \u201cknows\u201d their target. Just like a great cold sales pitch, a personalized phishing attack will break down someone&#8217;s guard just enough to get them to engage and move deeper into the scam.&nbsp;<\/p>\n\n\n\n<p>What&#8217;s worse is that security awareness training often focuses on generic tactics and common phishing scenarios. Generic training is seen by executives as something they must do to \u201ctick a box\u201d alongside 100 other priorities.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Personalized social engineering attacks (designed with detailed knowledge of the target&#8217;s personal and professional life) are not picked up.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Work backward from the methods criminals use to target executives<\/h3>\n\n\n\n<p>Criminals can use a variety of methods to gather executives&#8217; personal information for personalized attacks.&nbsp;<\/p>\n\n\n\n<p>Common techniques include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Open Source Intelligence (OSINT)<\/strong><strong><br><\/strong>Publicly available information from company websites, press releases, annual reports, and professional profiles (e.g., LinkedIn) can reveal executive details and email formats.<\/li>\n\n\n\n<li><strong>Social media<\/strong><strong><br><\/strong>Social platforms such as Twitter, Facebook, and LinkedIn often provide clues about an executive\u2019s contact information and professional networks.<\/li>\n\n\n\n<li><strong>Domain and email reconnaissance<\/strong><strong><br><\/strong>Tools that analyze domain registrations or company email structures (e.g., common email patterns like firstname.lastname@company.com) allow criminals to figure out potential email addresses.<\/li>\n\n\n\n<li><strong>Data breaches<\/strong><strong><br><\/strong>When companies or third parties experience breaches, leaked databases may include executive contact details that criminals can use for targeted attacks.<\/li>\n\n\n\n<li><strong>Data brokers<\/strong><strong><br><\/strong>People search sites and B2B data brokers share executives\u2019 personal information (including their email address, phone number, family member details, education history, etc.) in one place.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>When it comes to data brokers, we know from <a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">leaked criminal chat transcripts<\/a> that attackers buy executive data from data brokers.<\/p>\n\n\n\n<p>It\u2019s easy to see why. Data brokers are fantastic tools for determining spear-phishing targets and finding contacts to \u201cname drop\u201d in social engineering attacks.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s an example of an executive\u2019s profile on a B2B data broker website:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1021\" height=\"1024\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bdatabrokerprofile.png\" alt=\"B2B data broker profile\" class=\"wp-image-16993\" style=\"width:648px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bdatabrokerprofile.png 1021w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bdatabrokerprofile-300x300.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bdatabrokerprofile-150x150.png 150w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bdatabrokerprofile-768x770.png 768w\" sizes=\"(max-width: 1021px) 100vw, 1021px\" \/><\/figure>\n\n\n\n<p>Many B2B data brokers also include org business charts.&nbsp;<\/p>\n\n\n\n<p>Criminals leverage org charts to further personalize their attacks by:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Identifying key decision-makers<\/strong><strong><br><\/strong>By knowing who holds power within the organization, attackers can target individuals with the authority to make critical decisions or access sensitive data.<\/li>\n\n\n\n<li><strong>Tailoring the message<\/strong><strong><br><\/strong>With details on roles and relationships, criminals can craft messages that appear to come from a trusted colleague, superior, or even a subordinate.&nbsp;<\/li>\n\n\n\n<li><strong>Simulating internal communication<\/strong><strong><br><\/strong>Knowledge of departmental structures could allow attackers to mimic the language, tone, and content of legitimate internal communications, making their phishing emails or other social engineering attempts more convincing.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"822\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart-1024x822.png\" alt=\"B2B data broker profile org chart\" class=\"wp-image-16994\" style=\"width:602px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart-1024x822.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart-300x241.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart-768x616.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart-1536x1233.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/03\/b2bprofileorgchart.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Attackers also love to use people search sites (\u201cregular\u201d data brokers).&nbsp;<\/p>\n\n\n\n<p>These sites include personal details like potential family members, marital status, and social media links &#8211; data that criminals can further make use of in their campaigns.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ai-has-made-it-easier-to-launch-cyber-attacks-against-executives\">AI Has Made It Easier to Launch Cyber Attacks Against Executives&nbsp;<\/h2>\n\n\n\n<p>AI tools are making it faster and easier for criminals to gather information about executives by automating high-risk spear phishing operations, including data collection.&nbsp;<\/p>\n\n\n\n<p>A <a href=\"https:\/\/arxiv.org\/abs\/2412.00586?ref=hackernoon.com\" target=\"_blank\" rel=\"noreferrer noopener\">recent Harvard study<\/a> found that AI successfully gathered precise and valuable information in 88% of cases. AI can also <a href=\"https:\/\/www.ft.com\/content\/d60fb4fb-cb85-4df7-b246-ec3d08260e6f\" target=\"_blank\" rel=\"noreferrer noopener\">analyze large amounts of data<\/a> on an executive\u2019s tone and style, making it easier to create persuasive scams.<\/p>\n\n\n\n<p>As per the Harvard study:<\/p>\n\n\n\n<p><em>\u201cAI enables attackers to target more individuals at lower cost and increase profitability by up to 50 times for larger audiences.\u201d<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure-companies-build-training-programs-with-these-2-inputs\">Secure Companies Build Training Programs with These 2 Inputs&nbsp;<\/h2>\n\n\n\n<p>In the next five years, companies that combine personalized executive cybersecurity training with active data removal solutions will stop far more attacks against executives than their peers.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Up-to-date cyber security training content<\/h3>\n\n\n\n<p>Training programs should address the risks of personalized social engineering and spear phishing and include real-world examples and simulations demonstrating how attackers could leverage executives\u2019 personal data.<\/p>\n\n\n\n<p>Ensure training materials are frequently updated to reflect evolving tactics (particularly important with advancements in AI and data mining techniques).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Executive data footprint management&nbsp;<\/h3>\n\n\n\n<p>Educate executives on the importance of reducing how much personal and professional information they share online.&nbsp;<\/p>\n\n\n\n<p>Advise executives on the benefits of regularly reviewing and cleaning up their online profiles. This includes removing unnecessary personal details that attackers could exploit.<\/p>\n\n\n\n<p>Work with <a href=\"https:\/\/joindeleteme.com\/business\/\" target=\"_blank\" rel=\"noreferrer noopener\">cybersecurity professionals like DeleteMe<\/a> to identify and remove personal and professional information from data broker sites. This reduces the chance of attackers accessing personal details about executives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"boost-your-executive-cyber-security-training-program-with-personalized-data-removal\">Boost Your Executive Cyber Security Training Program with Personalized Data Removal<\/h2>\n\n\n\n<p>By combining specialized training with proactive steps to reduce digital exposure, organizations can better protect their executives from sophisticated, personalized cyber threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TL;DR: Executive cyber security training helps defend executives against some cyber risks. However, training must be augmented with data removal to protect executives from personalized threats.&nbsp; Personalized threats defeat executive cyber security training because they use personal data (such as professional roles, contact details, and even family member information) to create highly convincing and contextually [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[],"class_list":["post-16989","b2b-post","type-b2b-post","status-publish","format-standard","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/16989","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/14"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/16989\/revisions"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=16989"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=16989"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}