“49% of [executives] have requested to bypass one or more security measures in the past year. [..] The unequal power dynamic between security teams and top executives exacerbates the problem. [..] When the boss (or the boss’s boss) asks for a favour or workaround against protocol, security employees are understandably uncomfortable pushing back.”
This is according to a recent report by Ivanti* on the security behaviours of executives, which also states:
- 35% of execs admit to clicking on phishing links or sending money, compared to 8% of all other workers.
- Almost 20% of execs have shared their password with someone outside of the organisation (e.g. a spouse or child), compared to 5% of other workers.
- 27% of execs allow family members or friends to use their work devices at least monthly, compared to 6% of other workers.
There are many angles I could take here, but I’ll stick to two:
- How many of your security measures allow exceptions, and when were those exceptions last reviewed by an independent party to confirm they are still appropriate?
- Do you provide tailored security awareness training and support to your executives, in a ‘safe environment’ that enables executives to ask ‘stupid’ questions?
What do you think?
What else can we do to ensure executives are not our biggest security weakness?
PS Credit to Cyber Rescue Alliance for sharing Ivanti’s report on LinkedIn.