Corporate cybersecurity: what if leaders were the weakest links in the IT security chain?
Recently, a study was conducted on the behaviour of business leaders and their security hygiene practices.
Whether in Europe or the United States, it found that the majority of business leaders do not want to, or tend not to, respect the constraints that security requires. They even tend to oppose the employees in charge of cybersecurity. This makes them, in a sense, the weak link in the security chain.
It is not uncommon to hear IT system managers, and even IT security officers, complain about the behavior of executives. Business leaders often force their IT experts to make changes or improvements to the IT system under unsuitable conditions. These behaviors, which fall outside the limits set by the company's security policies, only further expose the company's IT estate. Loïc Duval, a journalist, confirmed this: "We often hear CIOs and CISOs complaining that, under pressure from their managers, they have had to urgently integrate technology or to incorporate into the network 'quickly' the latest terminals that are absolutely not aligned with the company's security policies."
In a MobileIron study (titled "Trouble at the Top"), 76% of business leaders routinely asked the head of security or the IT systems managers, over the last 12 months, to let them circumvent certain rules governing the company's cybersecurity. More precisely, 47% of the executives wanted network access, against the rules, to carry out an action that the network did not initially support, and 45% of them asked, at least once, to bypass multi-factor authentication. 37% of executives attempted to access business data from an application or device that was not originally approved by the network or the head of IT security.
Moreover, while 60% of computer attacks directly affect or target only companies' top management, 68% of company executives believe that the security policies deployed by their companies are invasive. In addition, 58% said they did not fully understand how these security policies work because they are too complicated for them, while 62% felt that these rules affected their mobility.
The study was conducted among nearly 300 CISOs and CIOs and nearly 50 members of top management, spread across 5 states, including Germany, the United Kingdom, the United States and Benelux. Overall, the study clearly highlighted one thing: business leaders are not at all comfortable with security rules. But not everything is as negative as it seems. In fact, 84% of the executives who were approached acknowledged their responsibility for their company's cybersecurity. That same responsibility makes them understand that they are much more exposed to computer attacks than an ordinary employee. But changing these habits may take a long time, while the risks persist: 78% of IT security managers identify their business leaders as one of the main targets of phishing, and 71% of security officials note that leaders are more vulnerable to these attacks.
Brian Foster, Senior Vice President and Head of Product Management at MobileIron, said: "These findings are troubling because all of these exceptions for executives greatly increase the risk of data loss. By acces[…]sing company data from a personal device or application that takes data out of the protected environment, these executives leave critical information from the company within reach of cyber-attackers. Meanwhile, multi-factor authentication – designed to protect companies from the biggest cause of data loss, namely lost or stolen identifiers – is being ruled out by these same executives!"