Executives don’t take cybersecurity too seriously

3 January 2024
| No comments
Executives don’t take cybersecurity too seriously

Share post

More than a third of German managers have shared their password with someone outside their own company. A recent study shows how relaxed managers are about cybersecurity.

Security provider Ivanti has presented the results of the Executive Security Spotlight Report. The study deals with security behavior specifically at the C-level in the company. Although this group of people is constantly in the focus of spear phishing or whaling actors, executives are surprisingly relaxed when it comes to cybersecurity.

Managers are often the target of threats

The main sticking point: Due to their management tasks, they are often endowed with extensive access rights. And where they lack permissions, they circumvent security requirements. The Ivanti study is part of a series of surveys on employee safety behavior. The company surveyed 6.500 executives, cybersecurity experts and office workers worldwide.

Top executives often have unhindered access to corporate data sources and connected devices. However, they are the group of employees most often targeted by threat actors. They are well aware of their exposed position: 96% of them say that they support and are committed to their company's cybersecurity mission.

Ivanti study behavioral gaps (Image: Ivanti)

🔎 Ivanti study behavioral gaps (Image: Ivanti)

But the reality is different. According to the study results, every second top decision-maker (49%) had circumvented one or more security measures in the past year. This pattern runs through the entire survey: Be it due to a lack of time to go through specific processes or a feeling of special status: managers tend to behave more riskily than the rest of the workforce

Key findings of the report:

  • One in five managers has already shared their work password with someone outside the company - in Germany even one in three CXOs (37%).
  • Three quarters (77%) use easy-to-remember passwords that include birthdays or pet names, among other things.
  • CXOs are three times more likely to share work devices with unauthorized users such as friends or family than any other employee.
  • Last year, one in three managers accessed work files and data for which they did not have authorization - one in two in Germany.
  • One in four (24%) still uses the same password that they were originally given. For office workers, this figure is only 14%.

Managers use external support more often

The Ivanti study also sheds light on the sometimes critical collaboration between managers and the security teams: In contrast to the rest of the workforce, managers are twice as likely to say that they found their interactions with the security department to be “unpleasant” or “embarrassing”, for example when they have expressed safety concerns. This results in executives four times more likely to use external, unapproved technical support.

The results highlight the need for trusting collaboration between security teams and executives: “When executives are willing to trade security for ease of use, they underestimate that they are a lucrative target for threat actors,” explains Daniel Spicer, chief security officer at Ivanti. “The challenge for security leaders is to demand the support of the company in carrying out cyber tasks - especially from the leadership team. Because not all members of the management level respect cyber hygiene.”

Measures to close the leadership behavior gap include audits, prioritizing remediation actions for the most common risks, conducting “game-based” security training, and implementing so-called “white glove” security programs.

More at Ivanti.com

 

About Ivanti

The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more

 

PR News
, , , ,