There are many perks and privileges that come with being in the C-Suite, the upper management levels of a corporation. Among the perks available in some companies are company cars, big expense accounts, and corner offices. But in almost every company, C-level executives also have the ability to make and set rules... and also to break them. A recent study from MobileIron called “Trouble at the Top” found that it’s exactly this perk that lets C-Suite members ask IT subordinates to allow them to bypass certain corporate cybersecurity measures, leaving the company more vulnerable to attack. In other words, this C-Suite cybersecurity risk can jeopardize an entire company.
Frustration Leads to Vulnerability
According to the article, C-Suite executives are frustrated by having to deal with tight security protocols. Some of that frustration comes from the perception that they are giving some level of control over their personal mobile devices to lower-level employees in the IT department. As a result, 68% of those surveyed were concerned about their personal privacy. Some (58%) were intimidated by the complexity of IT security, and 62% thought that additional security measures make their devices less usable.
As a result, 47% of the executives surveyed had requested access to unsupported devices, 45% asked to bypass multi-factor authentication, 37% asked for access to business data on an unauthorized app or device, and about one third used the same password for multiple resources. In total, 78% of those surveyed had asked to bypass one or more security measures.
All of these create cybersecurity vulnerabilities that IT staff try very hard to avoid.
The Irony (And Danger) Of C-Suite Cybersecurity Risks
So while senior executives are asking for relaxed security measures for themselves, they are increasingly becoming a target of cybersecurity attacks. A 2019 report written by Isaca.org says that the C-Suite is the new main target of phishing attacks. And it’s no surprise: C-Suite executives have the greatest authority and knowledge of an organization, and if their email or network credentials are stolen, the cybercriminals gain a wealth of information, access and influence. The irony is that the group that requests the most exceptions to cybersecurity protocols (and is most likely to receive those exceptions) is also the most targeted group, and has access to the most valuable assets in its organization.
If one of those executives who asked to waive multi-factor authentication then falls victim to a phishing attack, they could potentially give attackers access to the organization’s financial resources, which could quickly lead to empty bank accounts.
Similarly, if a phishing attack leads to access to the executive's email account, then fraudulent emails could be sent from that account, as part of a Business Email Compromise (BEC) attack, to other members of the organization requesting access to IT resources, financial resources, proprietary company information, customer lists, vendor lists, and more. And if the same password is used for multiple resources, the problem can multiply quickly.
Coronavirus and Remote Workers Compound The Risks
And while the report was based on a survey done in 2019, cybersecurity risks have increased since the Coronavirus outbreak earlier this year. More employees are working from home than ever before, and that population includes many C-Suite executives, because many of them, if older, likely fall into one or more high-risk groups.
And with the increase in remote workers, remote worker security becomes more critical than ever before. If an organization’s cybersecurity isn’t locked down tight, one small breach enabled by loose security protocols for one individual can put the entire organization at risk.
How To Avoid The C-Suite Cybersecurity Risk
Digital Uppercut specializes in consistently strong security protocols for all our clients. What we find is that making our C-Suite clients aware of the dangers (as described in this article), combined with Cyber Awareness training, is a significant deterrent to continued requests for more lax security. And our custom-designed cybersecurity solutions for organizations of all sizes and types are so strong that we’ve never had to make a claim against our Million-Dollar Cyber Security insurance policy. Contact us online or call us at 818-913-1335, and let’s talk about protecting your organization.