Cybercriminals have a fundamental advantage over their victims: They only have to find one security gap to exploit, while organizations must find and close all gaps in their IT environments. That’s virtually impossible to do, so organizations need to prioritize their security efforts to protect their most vital assets.

When developing their security strategies, organizations should focus on high-value targets, the individuals who have access to sensitive information and assets. High-value targets typically include executives and their assistants, board members, IT administrators, and individuals in finance and HR. They can also include teams of people working on sensitive projects.

Cybercriminals know that it’s much easier to attack a high-value target than to try to find weaknesses in an organization’s security. In light of that, organizations need to understand the specific risks to high-value targets and prioritize reducing those risks.

Attacks on High-Value Targets Start with Reconnaissance

Any user within the organization could provide an attacker with a foothold in the IT infrastructure. However, high-value targets have the “keys to the kingdom,” so cybercriminals use carefully planned attacks to exploit them. These highly targeted attacks begin with reconnaissance using publicly available information.

High-value targets are often active on LinkedIn, which can provide a wealth of information about their public and private lives. Their information is also publicly available through data brokers and may have been exposed in previous data breaches. By collecting and analyzing this information, cybercriminals can learn about the individual, associates and the organization as a whole.

Tactics Cybercriminals Use to Exploit High-Value Targets

Armed with this knowledge, cybercriminals can craft social engineering attacks that appear legitimate. The attacker may contact the high-value target through phone calls, phishing emails, text messages or LinkedIn chats and convince the target to give up sensitive information. By feeding the target’s information into AI tools, cybercriminals can create highly effective social engineering attacks at unprecedented scale.

Threat actors also use credential-stuffing attacks to access the accounts of high-value targets by attempting to log in with usernames and passwords obtained from a previous data breach. Once attackers gain access to a high-value target’s email or other account, they can use it to access sensitive information and assets. They can also use it to impersonate the high-value target for business email compromise (BEC) and other types of financial crimes or to cause reputational damage to the organization.

Understanding the Threats to High-Value Targets

Protecting high-value targets starts with understanding the threats. Security teams should identify individuals who are high-value targets based on their role and level of access to sensitive information. Conversely, security teams can look at the systems a threat actor would want to access and identify individuals who have privileged access to those systems.

They should then assess publicly available information for details that could suggest that an individual is a high-value target and provide the pretext needed for a social engineering attack. They should also determine if the work and personal emails of high-value targets have been exposed in a data breach. Suspicious domains and social media accounts should be blocked and third-party partners and supply chains assessed for risks.

Mitigating the Risk

To reduce the risk of attacks on high-value targets, security teams should remove or neutralize publicly available information about these individuals. This includes removing personal information, hobbies and other details from social media accounts, maximizing privacy settings and other techniques. If the target’s credentials have been exposed in a data breach, those credentials should be changed and access to sensitive systems secured with controls that can’t be bypassed by a credential-stuffing attack.

Security teams should secure the devices of high-value targets, their families and their support staff. This includes implementing spam filters, anti-phishing applications, email authentication protocols and other tools. High-value targets should also receive customized security awareness training so that they’re aware of the threats and how to identify them.

How Technologent Can Help

Identifying high-value targets and their associated risks is not a one-time event. The list will change frequently based on individual roles and projects, and digital footprints and identities will evolve. Technologent’s security team can help you develop a security strategy prioritizing high-value targets and implement the tools and processes needed to monitor and detect related threats.

Technologent
Post by Technologent
March 16, 2025
Technologent is a women-owned, WBENC-certified and global provider of edge-to-edge Information Technology solutions and services for Fortune 1000 companies. With our internationally recognized technical and sales team and well-established partnerships between the most cutting-edge technology brands, Technologent powers your business through a combination of Hybrid Infrastructure, Automation, Security and Data Management: foundational IT pillars for your business. Together with Service Provider Solutions, Financial Services, Professional Services and our people, we’re paving the way for your operations with advanced solutions that aren’t just reactive, but forward-thinking and future-proof.

Comments