New research has found that executive leaders are putting their companies at risk with much looser security practices than their subordinates.
Ivanti’s research shows that executives are the most likely to be targeted by threat actors, further increasing the likelihood of a successful phishing campaign or malware attack.
The shocking discrepancy between the security protocols employed by cybersecurity professionals and their executive leadership could have real consequences.
Do as I say, not as I do
The company's Executive Security Spotlight Report, which examined the security habits of office workers, security professionals and executives from around the world, found that despite increasing support and investment in cybersecurity, 49% of executives have requested security protocols be bypassed.
In addition, executives are three times more likely to share their work equipment with friends and family than office workers, and one in three admit to having accessed unauthorized data. But that’s not all: 77% use dates of birth, pet names or other easy-to-remember information in their passwords.
Security professionals within companies have difficulty combating the risks that executives pose due to a number of factors. Due to overload and understaffing, almost two-thirds (60%) of CISOs say they have experienced burnout in the past 12 months. Combine this with the fact that executives regularly violate security protocols under the guise of “just-this-once-ism” and it’s understandable why security teams struggle to improve executive behavior.
It’s no wonder that executives are twice as likely as other office workers to describe their interactions with their security team as “awkward” and “embarrassing”. Executives are also four times more likely to use external, often unapproved, technical support than their own IT team.
The rise of spearphishing attacks targeting executive-level employees may have led to an increasing number of executives being targeted by these scams. Nearly half (47%) of executives said they had been the target of phishing fraud in the past 12 months, with 35% of them clicking a phishing link or sending money to a scammer.
“There’s a 100% chance that your organization has been phished in the last year. It’s the number one way threat actors gain a foothold in your network. We need to make sure we take that into account, not just assume that people ‘know better’ or that a phishing attempt will be overly obvious,” said Ivanti Chief Security Officer Daniel Spicer.