C-level executives might seem like the perfect target for an attacker. They have privileged access, hold confidential data, and are usually well paid. According to Symantec’s latest Internet Security Threat Report, the percentage of targeted attacks focusing on chief executive or board level employees fell from 25% in 2011 to 17% in 2012.
The most targeted role currently belongs to employees in the R&D area, hit with 27% of attacks, up from 9% in 2011. The next most targeted group was the sales department, which saw 24% of attacks in 2012 compared to 12% in 2011.
To me, this is an indicator that targets are shifting back to a larger pool, and also to employees who may not be considered ‘high profile’, but have considerable access. These employees are less likely to be suspicious, tend to take greater risks, and are not always presented with or interested in security awareness materials.