Part of an executive team? You might be the biggest security risk to your business
Executives often a significant liability when it comes to cybersecurity, report claims
New research has found that executive leaders are putting their businesses at risk with much looser security practices than their underlings.
The study from Ivanti found executives are the most likely to be targeted by threat actors, making the possibility of a successful phishing campaign or malware attack even higher.
The shocking discrepancy between the security protocols practiced by cybersecurity professionals and their executive leadership can have real consequences.
Do as I say, not as I do
The company's Executive Security Spotlight report examined the security habits of office workers, security professionals and leadership executives from across the globe found that despite increasing support and investment in cybersecurity, 49% of executives have requested to bypass security protocols.
Moreover, executives are three times more likely to share their work devices with friends and family than office workers, and one in three admitted to accessing unauthorized data. But that's not all, 77% use birthdates, pet names, or other easy to remember information in their passwords.
Security professionals within businesses are struggling to combat the risks posed by executives due to a number of factors. Due to over-burdening and under-staffing, almost two thirds (60%) of CISOs said they had experienced burnout in the past 12 months. Combine this with executives frequently violating security protocols under the guise of ‘just-this-once-ism’ and it's understandable why security teams have difficulty improving executive behaviors.
It’s no wonder then, that executives are twice as likely to describe their interactions with their security team as ‘awkward’ and ‘embarrassing’ compared to other office workers. Executives are also four times more likely to use external, often unapproved, tech support rather than consult their own IT team.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The emergence of spear phishing attacks targeting executive level employees has potentially led to an increasing number of executives being targeted by these scams. Almost half (47%) of executives said they had been targeted by a phishing scam in the past 12 months, with 35% of those clicking on a phishing link or sending money to a scammer.
"There's a 100% chance your organization has been phished in the last year. It's the #1 way threat actors get that initial foothold in your network. We need to make sure that we account for that, and don't just assume people will 'know better' or that a phish will be overly obvious," noted Ivanti Chief Security Officer Daniel Spicer.
More from TechRadar Pro
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.