Despite their high-ranking positions, senior executives are reportedly the weak link in the corporate cybersecurity chain with a new report from The Bunker, which finds that cyber-criminals often target this known vulnerability.
A recently published white paper, Are You the Weakest Link? How Senior Executives Can Avoid Breaking the Cybersecurity Chain, found that those at the top are guilty of a bit of grandiosity. They disregard cybersecurity threats and policies under the misguided perception that the rules don’t apply to their unique positions.
“Professional hackers and adversaries will usually do a thorough investigation into a senior executive or board level director, including full analysis which could entail in-depth monitoring of the company website and associated social media accounts,” the report said.
Most executives make the same five mistakes, according to the report. Senior executives fail to realize that they are prime targets for cybercriminals, which is potentially a result of their view that cybersecurity is an IT responsibility that doesn’t have anything to do with their executive positions.
In reality, though, the report said, “IT security has now become the remit of all individuals, especially those in the highest positions of each department and senior executives need to take ownership for IT security best practice in their day-to-day behavior.”
Another common mistake among senior executives is that they believe cybersecurity threats are attacks that happen to the business by some external malicious actor rather than being the result of internal threats or accidents.
Many top executives also reportedly believe that a cloud provider is responsible for the backup and security of all information, though they fail to use cloud hosted email securely.
However, cybercriminals know that top executives often have privileged access to company information, so hackers intentionally target their personal accounts.
“Reviewing corporate policies, with a focus on people, premises, processes, systems and suppliers will provide valuable insights into which areas to improve, and by championing a ‘security first’ corporate culture, organizations and their senior executives will be well positioned to avoid the high financial costs, reputational damage and unexpected downtime that could result from a cyber-attack or data breach,” said Phil Bindley, managing director, at The Bunker.