Executive & Management Phishing: BEC & Approval-Workflow Resilience

PTEF-Aligned: Profile → Tailor → Simulate → Evaluate → Evolve

Threat Narrative

Executive targeting (whaling) is a high-impact form of social engineering often linked to Business Email Compromise (BEC). Attackers exploit authority, urgency, and confidential context to pressure executives and finance/procurement teams into bypassing verification—requesting payment changes, urgent approvals, or sensitive document sharing. Cyberorca simulates these scenarios under written executive authorization to validate approval controls, verification discipline, and reporting readiness—without initiating real financial actions or collecting sensitive secrets.

How Cyberorca Runs This Service

Governance applies across all phases.

1. Profile & Scope

Scope & Executive Authorization — Define approved participants, time windows, scenario boundaries, and "do-not-target" conditions. Confirm who receives results and how reporting is anonymized/limited.

2. Tailor Scenarios & Controls

Workflow Mapping (Client-Provided Context) — Document approval paths and high-risk workflows using client-provided process knowledge, not intrusive surveillance.

3. Simulate (Controlled Execution)

Scenario Design (High-Impact, Non-Harmful) — Create realistic scenarios designed to test verification and escalation, not to trap individuals.

4. Evaluate (Telemetry & Reporting)

Controlled Execution & Safe Stopping — Run simulations via approved infrastructure and test identities with stop conditions and a kill switch. No real transactions are initiated and no sensitive data is requested (passwords/OTPs/banking credentials/national IDs).

5. Evolve (Remediation & Hardening)

Telemetry, Reporting & Hardening — Measure verification compliance, escalation/report actions, and time-to-report. Deliver prioritized fixes: dual-approval rules, callback verification steps, finance playbooks, and executive reporting shortcuts.

Metrics & Outcomes

  • Verification Protocol Compliance (did the target follow the right steps?)
  • Approval Workflow Resilience (attempts to bypass controls vs adherence)
  • Escalation/Report Rate (who escalated and how)
  • Median Time-to-Report (minutes/hours)
  • High-Risk Workflow Findings (where approvals are weakest)
  • Repeat Exposure Rate (improvement across cycles)
  • Control Adoption (implementation of recommended process controls)

Note: Outcomes vary based on baseline governance, finance controls, and executive engagement.
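As an added example (not Cyberorca's code or telemetry format), the following Python scores constructed simulation records against the metrics above; the record fields, participant IDs and timestamps are assumptions built for the illustration.

```python
"""Score constructed phishing-simulation telemetry for the metrics listed above:
verification compliance, bypass vs adherence, report rate, median time-to-report
and repeat exposure. Added example; the record fields are assumptions."""
from datetime import datetime
from statistics import median

def rec(pid, verified, bypass, reported_hhmm, day="2024-05-01"):
    """One participant's outcome for one scenario; lure delivered at 09:00 (constructed)."""
    return {"participant": pid, "verified": verified, "bypass_attempt": bypass,
            "delivered_at": f"{day}T09:00:00",
            "reported_at": f"{day}T{reported_hhmm}:00" if reported_hhmm else None}

# Constructed cycle 1 of a simulated 'urgent vendor bank-detail change' lure.
CYCLE1 = [
    rec("p01", True,  False, "09:04"),   # verified via callback, reported fast
    rec("p02", False, True,  None),      # tried to bypass approval, never reported
    rec("p03", True,  False, "09:30"),
    rec("p04", False, False, "10:12"),   # skipped callback, reported late
    rec("p05", False, True,  "09:09"),   # bypass attempt, then reported
    rec("p06", True,  False, None),      # verified but did not report
]
# Constructed cycle 2, same participants, after dual-approval hardening.
CYCLE2 = [rec("p01", True, False, "09:02", "2024-08-01"), rec("p02", False, True, None, "2024-08-01"),
          rec("p03", True, False, "09:05", "2024-08-01"), rec("p04", True, False, "09:20", "2024-08-01"),
          rec("p05", False, False, "09:40", "2024-08-01"), rec("p06", True, False, "09:15", "2024-08-01")]

def exposed(r):
    """Exposed = skipped verification or attempted to bypass the approval path."""
    return r["bypass_attempt"] or not r["verified"]

def score(records):
    n = len(records)
    minutes = [(datetime.fromisoformat(r["reported_at"]) -
                datetime.fromisoformat(r["delivered_at"])).total_seconds() / 60
               for r in records if r["reported_at"]]
    return {
        "participants": n,
        "verification_compliance": round(sum(r["verified"] for r in records) / n, 2),
        "bypass_attempt_rate": round(sum(r["bypass_attempt"] for r in records) / n, 2),
        "report_rate": round(len(minutes) / n, 2),
        # None, not 0, when nobody reported: a missing report stream is itself a finding
        "median_time_to_report_min": median(minutes) if minutes else None,
        "unreported": n - len(minutes),
    }

def repeat_exposure_rate(prev, curr):
    """Share of participants exposed in the previous cycle who were exposed again."""
    before = {r["participant"] for r in prev if exposed(r)}
    again = {r["participant"] for r in curr if exposed(r)}
    return round(len(before & again) / len(before), 2) if before else 0.0
```

Participants who never reported are kept out of the median rather than counted as zero, so a low report rate and a fast median together flag a reporting-culture gap rather than a success.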

Governance & Ethics

  • Board/C-Level Authorization & Confidentiality: explicit approval required; reporting shared only with agreed stakeholders; confidentiality by default
  • Non-Embarrassment Policy: coaching and process improvement over shaming or internal politics
  • No Real Financial Action: simulations never initiate real payments or vendor changes; safe landing flows and stop conditions enforced
  • Strict Boundaries: no passwords/OTPs, no banking credentials, no national IDs, no coercion or threats
  • Privacy & Data Minimization: minimal telemetry; aggregated/anonymized reporting where appropriate; RBAC and audit trails; defined retention
  • Safety Controls: kill switch, live monitoring, and debrief when required

Engagement Model

  • Executive Baseline Assessment (2–4 weeks): limited scenarios + workflow weakness report + prioritized hardening plan
  • Annual Executive Resilience Review: annual assessment + board-ready scorecard + control adoption tracking
  • BEC Readiness Program: integrated with finance/procurement procedures, verification playbooks, and tabletop incident exercises