New research has found that executive leaders are putting their businesses at risk with much looser security practices than their underlings.
The study from Ivanti found executives are the most likely to be targeted by threat actors, making the possibility of a successful phishing campaign or malware attack even higher.
The shocking discrepancy between the security protocols practiced by cybersecurity professionals and their executive leadership can have real consequences.
Do as I say, not as I do
The company’s Executive Security Spotlight report examined the security habits of office workers, security professionals and leadership executives from across the globe and found that, despite increasing support and investment in cybersecurity, 49% of executives have requested to bypass security protocols.
Moreover, executives are three times more likely than office workers to share their work devices with friends and family, and one in three admitted to accessing unauthorized data. But that’s not all: 77% use birthdates, pet names, or other easy-to-remember information in their passwords.
Security professionals within businesses are struggling to combat the risks posed by executives for a number of reasons. Because of over-burdening and under-staffing, almost two-thirds (60%) of CISOs said they had experienced burnout in the past 12 months. Combine this with executives frequently violating security protocols under the guise of ‘just-this-once-ism’, and it’s understandable why security teams have difficulty improving executive behaviors.
It’s no wonder, then, that executives are twice as likely to describe their interactions with their security team as ‘awkward’ and ‘embarrassing’ compared to other office workers. Executives are also four times more likely to use external, often unapproved, tech support rather than consult their own IT team.
The emergence of spear-phishing attacks targeting executive-level employees has potentially led to an increasing number of executives being targeted by these scams. Almost half (47%) of executives said they had been targeted by a phishing scam in the past 12 months, with 35% of those clicking on a phishing link or sending money to a scammer.
“There’s a 100% chance your organization has been phished in the last year. It’s the #1 way threat actors get that initial foothold in your network. We need to make sure that we account for that, and don’t just assume people will ‘know better’ or that a phish will be overly obvious,” noted Ivanti Chief Security Officer Daniel Spicer.