Insider Threats from the C-Suite - ThreatAdvice
Companies are constantly fighting phishing, ransomware, breaches and other cyberattacks. These attacks are becoming more common and more closely tailored to the individuals they target. Research conducted by Forbes revealed that 84% of C-level executives have been targeted by at least one cyberattack in the past year, with phishing attacks being the most common at 54%. Seventy-eight percent of IT leaders say the C-suite is the most likely to be targeted by phishing attacks. Seventy-six percent of CEOs admit to bypassing security protocols to get something done faster, sacrificing security for speed. The C-suite presents a large cyberattack risk because of the data it manages. Cybercriminals know just what to say to impersonate a high-level executive in hopes of gaining corporate credit card records and access privileges to various accounts. CEOs and the C-suite should lead by example for the rest of the organization by having a heightened sense of cybersecurity awareness.
The true insider threat starts with neglect of security protocol. Despite being one of the most attacked sectors of a business, the C-suite is often guilty of being the weakest link in this area. Many security professionals believe this is because high-level executives often believe they are above cybersecurity protocol. Ironically, a strong cybersecurity policy starts with the C-suite and not the IT department. CEOs and other executives should have a large hand in forming the cybersecurity policy and, by setting the standard, ensuring that it is carried out. The C-suite must see themselves as the frontline of protection for the organization and make the extra effort to implement and enforce cybersecurity best practices. Cybersecurity protocol should be equally effective for all sectors of a business.
It’s highly probable that if one C-level team member has been targeted, there will be more attacks on other executives. This makes it imperative for every team member to report any phishing or fraudulent messages they receive. Knowing not to click on malicious links simply isn’t enough. C-level employees should understand that phishing attempts could signal a larger cyberattack campaign being carried out against the entire organization. Reporting suspicious cyber activity helps other employees know what to look out for. Communication carried out from the top is a strong method of fighting cybercriminals. The statistics show that well over half of CEOs and other executives have been known to sacrifice security for speed. This can often be seen in a failure to report phishing attempts or a cyber incident. All employees must treat every aspect of cybersecurity with serious concern and attention to detail. Speed of work is never worth sacrificing companywide security.
The tension between business leaders and IT departments is very evident. IT often sees the C-suite as the weak link when it comes to cybersecurity, while executives often find IT’s security measures to be either beneath them or intrusive to their personal privacy. The C-suite and IT must work together to find common ground. The longer these two sectors of a business are at odds, the more vulnerable the organization becomes. In modern enterprises, cybersecurity can't be optional. Businesses need to take every measure to ensure they have a strong security foundation in place that works for all sectors within the organization. This means that mobile security must be user-friendly, while also allowing employees at every level of the business to maintain maximum productivity. Security measures must also help C-suite employees rest assured that their personal privacy is protected without being compromised internally. Businesses must strive for the right balance between user experience and security. As companies continue to examine security protocol, they will also have to take an inward look at how C-suite members are setting the security standard. Company data is too important to be left unsecured at any level, especially in the C-suite.
Nxtsoft’s ThreatAdvice suite can assist companies with cybersecurity education oversight. Take a look at ThreatAdvice Educate for cybersecurity education, phishing simulations and policy needs, and ThreatAdvice vCISO for comprehensive cybersecurity oversight management.