Leadership Changes Trigger Hacks, Due to Company Vulnerability.

Change is a part of life, and a part of business too. Oftentimes change is good, but when there’s a leadership change at a business—with executives or key employees coming and going—a company could become vulnerable to hackers.

There are reasons for that, and they all make sense. It has little to do with cyber-awareness and employee safety-education problems. It has much to do with people and their humanness. This article takes a look at why and how this can happen.

Only making matters worse is this: cybercrooks are getting better at their craft, while many companies are way behind, and going backwards, in the cybersecurity wars. As they spend time figuring out what to do, hackers are advancing. So, if the thieves get a whiff if there is flux in the area, they’ll see it as an opportunity to strike.

The message is clear and important: Times of change can create opportunities for hackers to find people who aren’t being their otherwise cautious selves, security wise.

Businesses are already targets. Leadership changes can create hacking opportunities.

Businesses of all sizes need to be wary of hacks and cyberattacks (as well common business scams)—especially before, during, and even after changes at the top. 

Large organizations—those with boards, board members and C-Suite executives—are prime targets, not only because their companies are so large, but so are their networks.  

A large company means their customer data bases could be worth stealing. Moreover, if their network is susceptible, a successful attack could uncover valuable information.

A February 2016 article in the Wall Street Journal (“Changing Leaders? You May be a Target for Hackers.) even suggests that some sophisticated cyberthieves even stalk companies when they learn there is a change in company leadership.* And because companies announce leadership changes in press releases and professional platforms like LinkedIn, it’s easy for outsiders to learn there are changes going on.

Here are some scenarios that can happen.

Leadership shake ups creates uncertainty for employees.

When change is happening, employees might not be sure what the new normal is. Here’s an example of what might play out.

1. An organization loses its chief information security officer (CISO) to another company, and the company makes an announcement.
2. Then, an employee, perhaps a network administrator, receives an email from the chief information officer (CIO), who was the CISO’s boss. The CIO asks the network administrator to make a change to the network that doesn’t seem wise.
3. Nonetheless, because the department is in a time of flux with no CISO, the network administrator follows the orders.
4. Turns out the message was from an attacker pretending to the CIO. The change he directed made it possible for them to hack the network.

An attack can be simpler than that, but still caused by management/leadership change. Here’s an example that happens often in reality:

1. Due to key personnel leaving, a company finds itself without a CISO and a network administrator. Until a new hire is made, the analysts are forced to do their best.
2. The analysts are confused, however, when one of them receives an email with an attachment from the former network administrator. Confused yet curious, and with no boss to approach, they choose to open the email and click on the attachment.
3. The inadvertently install malware that attacks the network.

Employees go with what they think are “the new rules.”

Those who’ve worked in company headquarters have gone through regime changes, even sometimes with not just new executives but with new strategic thinkers. During a time like that, there’s an adjustment while employees get used to working either with new people…or in a new way, with changed expectations.

Here’s how a possible scenario along those lines that could play out:

• Employees of a company had been used to their easygoing CEO, who rarely made decisions or requested employees to carry out an action by email.
• That CEO is gone, replaced by a more hands-on person who is more decisive and communicative via texts and email.
• The new CEO is on vacation, so an administrative assistant is surprised, but responsive when they receive an email from what seems to be their new boss. The email has an attachment, which the admin dutifully opens and clicks on.
• Of course, it was a scammer/hacker, behind the email, who disguised their fake email address just well enough to fool the real CEOs admin.

We’re humans who make human mistakes.

Technology will continue to make advancements, such as the growth of augmented/artificial intelligence (AI), but the human beings who show up at the office or even work remotely have brains, feelings, ambitions and emotions.

A low-level employee won’t care who’s coming again, but the people who have spent time together on projects, meeting deadlines and creating products soon form bonds that extend beyond their tenure at one company.

Indeed, when a beloved boss moves up our out, or when a great coworker and good friend leaves voluntary—or is part of a mass layoff—the human side of the workplace kicks in.

There’s a good side to that…we make lifelong friends and share in each other’s ups and downs: there’s a downside too.

Leadership changes trigger hacks, when we let our guard down.

Deb worked with her boss, Sharon, for years at a large advertising agency. They are connected via LinkedIn, so it’s easy to see and learn of their working together. In the past, they gave testimonials on each other’s LinkedIn page and made comments on their posts.

One day Sharon the boss loses her job during a layoff. Everyone misses her. A month later, Deb gets an email from Sharon, with a message saying, “let’s catch up!”

Deb is glad to hear from her former boss and is quick to click on the email and attachment.

Little does Deb realize that she has opened and email with malware from a scammer who was impersonating her former boss.

And that’s how easy it is for employees to fall for a scammer’s phishing attempts during a regime change.

Learn more about cybersecurity and scams on the Easy Prey podcast.

You’ll find interviews with plenty of cybersecurity and online scam experts on the Easy Prey Podcast, hosted by Chris Parker, CEO of WhatIsMyIPAddress.com