“49% of [executives] have requested to bypass one or more security measures in the past year. [..] The unequal power dynamic between security teams and top executives exacerbates the problem. [..] When the boss (or the boss’s boss) asks for a favour or workaround against protocol, security employees are understandably uncomfortable pushing back.”
This is according to a recent report by Ivanti* on the security behaviours of executives, which also states:
- 35% of execs admit to clicking on phishing links or sending money, compared to 8% of all other workers.
- Almost 20% of execs have shared their password with someone outside of the organisation (e.g. spouse; child), compared to 5% of other workers.
- 27% of execs allow family members or friends to use their work devices at least monthly, compared to 6% of other workers.
So what?
There are many angles I could take here, but I’ll stick to two:
- How many of your security measures allow exceptions, and when were these exceptions last reviewed by an independent party to ensure they are appropriate?
- Do you provide tailored security awareness training and support to your executives, in a ‘safe environment’ that enables executives to ask ‘stupid’ questions?
What do you think?
What else can we do to ensure executives are not our biggest security weakness?
~~~~
PS Credit to Cyber Rescue Alliance for sharing Ivanti’s report on LinkedIn.