According to the 2019 Verizon Data Breach Investigations Report, C-level executives are quickly becoming the new favorite target of threat actors and are now nine times more likely to be targets of data breaches than they were last year. With financial gain as the most common motive behind intentional data breaches – threat actors that gather, sell, or use C-level credentials in the theft of sensitive data are targeting C-level executives across industries because these credentials fetch a much higher price.

In this post, we will explore the increase in C-level credential theft and what the information security community can do to manage and heal corporate reputations and mitigate loss after their data has been compromised. For more information on how to thwart credential theft in your own organization, contact us today and learn about Terbium Labs’ Matchlight and how it can act as your organization’s credential theft early detection service.


Threat actors have wisened up and have begun to focus on the theft and sale of C-level credentials that can be used for often privileged and unfettered access into critical systems. Access to your company’s intellectual property or even personally identifiable information about your customers or employees are all typically accessible by all C-level employees.

BECs, Business Email Compromises, are driving the theft of data compromise for C-level executives according to the 2019 Verizon Data Breach Investigations Report. Senior executives are reportedly 12x more likely to be the target of social incidents and 9x more likely to be the target of social breaches than in previous years, via social engineering attacks. C-level executives are often time-starved and under pressure to deliver, and as a result, often review emails quickly, which can open the door for suspicious emails.


Understanding the risks to your data is the first step in the development of efficient and effective breach management processes. As the prevalence of financially-motivated social engineering attacks continues to rise, a change in strategy to address issues around topics like C-level credential monitoring, BECs, and social engineering attacks is becoming necessary for small businesses and large corporations alike.


Stolen login credentials are the most common way criminals break into corporate systems, often via the use of a web application. You can protect your organization by educating your personnel and developing a breach management process that employs proactive monitoring as a way to limit the damage caused by credential theft.

Make your employees aware of the risks of social engineering

  1. Educate employees on techniques like BEC
  2. Review current policies and security protocols for activities like financial transfers, sensitive data transfers, and any other important duty.
  3. Use multi-factor authentication to help prevent unauthorized access

Beware of the most likely suspects

Three of the top four email fraud scams will originate from a familiar source that you would normally trust, such as CEOs, suppliers, and attorneys. The fourth would be from someone you do not recognize asking for non-financial personal information – a non-financial phishing scheme.

Develop a breach management process that employs proactive monitoring Breaches can take months to discover and react to. A C-level credential stolen and sold on the dark web could give bad actors near unlimited access to your systems and sensitive data. Employing a proactive monitoring solution like Terbium Labs’ Matchlight will allow you to privately monitor sensitive data and discover and measure your company’s exposure on the dark web.

In short, the Verizon 2019 Data Breach Investigations Report has identified the rise of social engineering attacks against C-level executives that have privileged access to sensitive information on your systems. Threat actors have targeted these roles in order to identify, steal, and eventually sell this information. As threats to C-level and VIP data increase, more proactive solutions that identify security incidents faster will be needed to manage and heal corporate reputations and mitigate loss after large breaches.

To learn how you can proactively prevent the theft of sensitive data from your systems, contact us today or check out our resources page.