Understanding and protecting against the rising threat of Whale Phishing

What's this blog post about?

Whale phishing, also known as spear phishing, is a form of social engineering that targets high-level executives with the aim of exploiting their privileged identities to compromise sensitive data, plant ransomware or steal money. These attacks are highly personalized and require significant investment from cybercriminals because of the research, time and capital needed to create believable phishing outreach. Whale phishing is on the rise, with a 131% increase from Q4 of 2020 to Q1 of 2021, and total phishing attempts up by 350% since 2020. The impact can be significant, with companies incurring costs of $120,000 per phishing attack on average. To protect against these attacks, organizations should evolve their security procedures, instill a communicative culture, plan to fail and double down on the principle of least privilege.


Date published
Feb. 27, 2023

Ellen Falltrick



By Matt Makai. 2021-2024.