Fish rots from the head: most managers are dismissive of cybersecurity

Lord777

Simple passwords and excessive trust are a questionable approach to protecting a company.

A new report by Ivanti on cybersecurity issues has revealed disturbing data about the behavior of top management in the field of information security.

According to a survey of more than 6,500 senior executives, cybersecurity professionals, and office workers from around the world, almost one in two (49%) top managers in the last year requested that one or more of the company's security measures be disabled. This revealed a serious gap between the stated support for cybersecurity and the actual actions of employees.

The 2023 Executive Security Spotlight report found that while 96% of CEOs assure clients and investors of unprecedented cybersecurity in their organizations, many of them, concerned about their own ease of access to information, often look for ways to circumvent the security system, which can significantly increase cyber risks.

Among the report's most troubling findings are the following:
  • One in five managers (20%) shares their work password with someone outside the company.
  • More than three-quarters of CEOs (77%) use simple passwords, including dates of birth or pet names.
  • Managers are three times more likely than regular employees to share their work devices with unauthorized users, such as friends, family, and external freelancers.
  • A third of managers (33%) admit to unauthorized access to work files and data, while almost two-thirds indicated that they could edit these files/data.

In addition, managers are twice as likely as regular employees to describe their last interaction with the IT security team as "awkward" or "embarrassing," which makes them four times more likely to turn to unverified external sources for support.

Daniel Spicer, director of security at Ivanti, warned that executives may underestimate how attractive a target they can be to attackers. "As our work environments become digital, it is impossible to completely eliminate all risks, but we definitely need to eliminate unnecessary risks," he added.

The main challenge for security leaders is to achieve company-wide agreement on and compliance with cybersecurity measures, especially among their colleagues in management, in order to reduce the impact of the human factor on security and to avoid double standards relative to the rest of the company's employees.
 