Top executives [1] [2] [3] [4] [5], who are often targeted by threat actors [1], have unrestricted access to valuable data and network assets [1]. A recent report by Ivanti highlights concerning behaviors among C-level executives that pose significant cybersecurity risks.

Description

According to the report [5], nearly half (49%) of C-level executives have requested to bypass security measures in the past year [4] [5], despite claiming to support cybersecurity mandates [4]. This disregard for security protocols is alarming, especially considering that 77% of executives still use easily guessable passwords, such as birthdates and pet names [2] [3] [4]. Additionally, a fifth of executives have shared their work passwords with individuals outside the company [5], and the C-suite is three times more likely to share work devices with unauthorized users [2] [3] [5]. Shockingly, a third of executives admit to accessing unauthorized work files and data [2] [3] [5].

The report emphasizes the need to eliminate unnecessary risk and gain organizational buy-in and compliance on cyber mandates [5]. It highlights that senior leaders may underestimate their attractiveness as targets for threat actors [5]. To address these issues [3], the report suggests conducting audits, prioritizing remediation for common risks [2] [3] [4], and implementing gamified security training sessions [2] [3] [4]. These steps aim to bridge the gap in executive conduct and rebuild trust and communication between executives and security teams.

Furthermore, the report sheds light on the strained relationship between executives and security teams. Executives often find interactions with security teams awkward or embarrassing [2], leading them to seek external, unapproved tech support [2] [3] [4] [5]. Rebuilding trust and fostering a collaborative relationship between security teams and executives is crucial [2] [3]. Alongside the audits, prioritized remediation of common risks [2] [3] [4], and gamified security training sessions [2] [3] [4], the report recommends introducing “white glove” security programs to address this executive conduct gap [2].

Conclusion

The concerning behaviors exhibited by C-level executives pose significant cybersecurity risks to organizations. It is imperative to address these issues to protect valuable data and network assets. By implementing the suggested measures, organizations can mitigate risks, rebuild trust [2] [3] [4], and foster a collaborative relationship between executives and security teams. Looking ahead, it is crucial to prioritize cybersecurity awareness and ensure that senior leaders fully understand the importance of adhering to security protocols.

References

[1] https://finance.yahoo.com/news/ivanti-report-reveals-49-cxos-040100962.html
[2] https://ai-techpark.com/ivanti-announced-the-results-of-executive-security-spotlight-report/
[3] https://vmblog.com/archive/2023/10/31/ivanti-report-reveals-that-49-of-cxos-have-requested-to-bypass-one-or-more-security-measures-in-the-past-year.aspx
[4] https://www.morningstar.com/news/business-wire/20231030809883/ivanti-report-reveals-that-49-of-cxos-have-requested-to-bypass-one-or-more-security-measures-in-the-past-year
[5] https://www.infosecurity-magazine.com/news/half-execs-request-security-bypass/