No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Whaling: When Business Leaders Become Cyber Weapons

Scammers, often using AI, are targeting your company’s big fish

by Aileen Allkins
May 24, 2023
in Cybersecurity
moby dick illustration

The threat of cyber crime is nothing new for the average business. But new tools like AI mean fraudsters have access to even more sophisticated tools, enabling them to hyper-focus their attempts on high-value targets, including top executives and C-suite members. Aileen Allkins of elev8 Digital Skilling shares tips for making sure staff at all levels have the tools they need to spot a fraud attempt.

Cyber attacks against financial services organizations have surged since the start of 2022, rising by 81%, according to a recent analysis. If cyber crime wasn’t previously high on the agenda for senior executives, it certainly is now, and business leaders across all sectors must be aware of the threats they face and how to mitigate them.

One such threat that has emerged in recent times is whaling, a specific form of phishing that targets organizations’ most influential employees. By selecting victims at the very top of the org chart, hackers are able to reap dividends well into the millions with just one email.

Characterized by ultra-realistic mimicry and real-life details, whaling emails target high-level executives with convincing requests for the transfer of funds or sensitive data. Notably, whaling and other scam emails are increasingly making use of AI to fabricate a highly convincing tone of voice, and spam email addresses are often just one character away from that of the colleague they are mimicking. 

While whaling attempts may be highly convincing, their effectiveness depends on being able to exploit weak spots in the victim’s digital literacy. According to Verizon, 82% of all cyber breaches involve human error, and hackers frequently rely on this to manipulate their target into making a mistake.

Although the actions of employees are central to so many attacks, research has shown that organizations themselves may be falling behind in providing adequate training into modern attack scenarios. The UK’s Department for Science, Innovation & Technology recently reported that only 18% of businesses had provided cybersecurity training to all staff in the past year. While businesses are generally aware of the need for high-level cybersecurity measures, including appropriate education, too often, these needs are beyond the capabilities of a taxed IT department.

tech fluency_n
Cybersecurity

Not Your Grandpa’s C-Suite: Improving Tech Fluency at the Top of the Organization

by Jim DeLoach
January 18, 2023

In our hyper-connected world, just about every company is a tech company. As commerce and technology become increasingly intertwined, it’s even more important for senior executives and board members to ensure they have basic technological understanding, and Protiviti’s Jim DeLoach has the important questions for them to answer.

Read moreDetails

Cybersecurity at every level

Every employee that works with technology is a possible target for a cyber attack, making cybersecurity a vital skill for almost all roles in a business. Rather than a standalone function limited to a tech department, cybersecurity should be viewed as a foundational pillar of an organization-wide digital ecosystem that every member of the workforce should be equipped to play their role in protecting.

Regular training to bring staff up to date with cybersecurity protocol, current threats relevant to their role and best practices not only feeds into an organization’s cyber skillset but helps maintain a culture of cybersecurity awareness. Employees who are upskilled in simple yet powerful cyber defense practices will cease to be an easy access point for hackers.

Privacy

The effectiveness of a whaling attempt is often dictated by the fraudster’s ability to mimic a particular employee, crafting a message using language in line with that of the supposed sender, weaving in details that the target will recognize as genuine.

Cyber criminals fuel these communications by collecting information from publicly accessible sources, such as social media platforms, discarded documents and sometimes from previously hacked materials. Through training, staff can be guided to develop an instinct of what seemingly innocuous information may pose a risk if incorrectly handled or shared. Regular education on the use of privacy settings, encryption, antivirus software and firewalls can provide a powerful guard against hackers.

Protocol

While bolstering employees’ awareness of threats and removing attackers’ sources to manipulable material may diminish the likelihood of a successful cyber attack, protocols such as two-step verification must also be in place, and they must become regular practice.  

The authority of the targeted individual is a central tool in whalers’ strategy, and so safeguards like two-step approval for the transfers of funds or data should be required for even the most senior executives. Whether a secondary request is automated or performed manually, employers should ensure that staff are fully aware of what proper and truly cyber-secure verification processes look like.

Essential capabilities

A workforce that is trained to identify information that can pose a risk, made aware of the particular threats their position may be subject to and equipped with an understanding of how they can properly protect their data is an essential element of a robust cybersecurity strategy.

Cybersecurity is necessary and achievable, but it requires committed investment into training and ongoing efforts from every individual in a business. Businesses with a cybersecurity strategy limited to software and IT professionals overlook the most powerful agent in a digital workplace — the people who work within it — to their peril.  


Tags: Cyber RiskTraining
Previous Post

Regulatory and Economic Times Are Changing. Have You Re-evaluated Your Compliance Management System?

Next Post

Tracing Key Legal Developments in the UK’s AML Regime

Aileen Allkins

Aileen Allkins

Aileen Allkins is chief revenue officer of elev8 Digital Skilling.

Related Posts

Ethiciti Neuroscience Compliance Training

Neuroscience of Compliance Training

by Corporate Compliance Insights
May 14, 2025

Is your compliance training working with your employees' brains or against them? Whitepaper Neuroscience-Driven Training Techniques What’s in this whitepaper...

news roundup green bars

In-House Counsel Salary Increases Slow

by Staff and Wire Reports
May 2, 2025

Majority of execs predict rise in fincrime in ’25

data abstract green purple

66% of CISOs Worry Cyber Threats Are More Advanced Than Companies’ Defenses

by Staff and Wire Reports
April 25, 2025

US business sector falling behind in adoption of renewable energy

robot hand pointing to sky

Agentic AI Can Be Force Multiplier — for Criminals, Too

by Steve Durbin
April 21, 2025

How polymorphic malware and synthetic identities are creating unprecedented attack vectors

Next Post
parliament

Tracing Key Legal Developments in the UK’s AML Regime

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights