HomeCII/OT1. 5 Strategies for Managing the Executive Cyberthreat 2. Managing the Executive Cyberthreat:...

1. 5 Strategies for Managing the Executive Cyberthreat 2. Managing the Executive Cyberthreat: 5 Proven Methods 3. Effective Ways to Handle the Executive Cyberthreat 4. Managing the Cyberthreat to Executives: 5 Key Approaches 5. 5 Tactics for Managing the Executive Cyberthreat

Published on

spot_img

An urgent call to action has been issued by a new report from Ivanti that highlights a significant cybersecurity “conduct gap” between what senior executives say and what they actually do. Despite 96% of executives claiming to be supportive of their organization’s cybersecurity mandate, the report reveals that nearly half have requested to circumvent security measures, and more than three-quarters use easy-to-remember passwords. These actions, compounded by the fact that executives are highly prized targets for threat actors, pose a significant risk to organizations.

The report, which is global in nature, reveals that executives are failing to lead by example when it comes to cybersecurity. Their behavior falls well short of acceptable security practice and is notable when compared to regular employees. This is concerning given the access rights and “executive exceptionalism” that often leads them to ask for workarounds that regular employees would be denied. As a result, this makes them an attractive target for cyberattacks, with 47% of execs being a known phishing target in the past year and 35% clicking on a malicious link or sending money as a result.

It is clear that there is a need for a security-by-design or security-centric culture within organizations, where awareness of best practices and cyber hygiene permeates throughout the entire organization. However, this is almost impossible to achieve if senior leadership isn’t embodying these same values. Therefore, it is imperative for organizations to take steps to mitigate the cybersecurity risks created by their executives.

One of the first steps is to carry out an internal audit of executive activity over the past year to understand the extent of the executive conduct gap and how it’s manifest in the organization. Tackling low-hanging fruit would involve fixing the most common types of bad security practice that are easiest to address, such as updating access policies to mandate two-factor authentication for all. Additionally, it is important to help executives understand the impact of poor cyber hygiene by running training sessions using real-world scenarios and gamification techniques.

Building mutual trust with senior leadership and implementing a “white glove” cybersecurity program for senior leaders is also crucial. These steps require cultural change and will take time, but by being honest with executives, putting the right processes and controls in place, and teaching them the consequences of poor cyber hygiene, it is possible to set the organization up for success.

In conclusion, security is a team sport, but it should start with the captain. Organizations must address the cybersecurity conduct gap and instill a security-centric culture from the top down to protect against the significant financial and reputational damage that can result from executive malpractice. By doing so, they will be able to create a more secure and resilient business environment that is better equipped to defend against cyber threats.

Source link

Latest articles

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

Surge in Compromised Logins Becomes the Primary Entry Point for Ransomware

Identity-Based Attacks: A Growing Threat in Cybersecurity Identity-based attacks and the exploitation of compromised credentials...

More like this

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...