CISO: Do as I say, not as I do

Sheila Zabeu -

June 01, 2021

Cybersecurity leaders in companies may not be practicing what they usually charge their subordinates. The revelation was made by a survey that sought to identify behaviors of those responsible for guarding the boundaries of companies that may be under threat, especially when it comes to social media as a vector of attack.

The results showed that 57% have experienced in their personal routines ATO (Account Takeover) type attacks — which usually steal an identity to gain unauthorized access to their accounts — most often through email (52%), but also LinkedIn (31%) and Facebook (26%). Around a quarter (24%) of respondents also use the same password for professional and personal tasks. And nearly half (45%) of cybersecurity leaders expose themselves by connecting to public Wi-Fi networks without using a VPN.

Among other highlights of the study are the following points:

  • Cybersecurity leaders are frequent targets of phishing attacks, with the perpetrators often posing as CEOs. The number of such attacks grew by 667% during the Covid-19 pandemic, relying on a variety of tactics. Nearly three-quarters of leaders surveyed said they had been targets of phishing or vishing attacks (which involve the use of voice calls). A third (34%) commented that someone impersonating the CEO during the attack. And 28% reported having no special security measures in place to protect their executives from cyberattacks.
  • Cybersecurity leaders often use work devices to connect to personal social networks. Almost half (48%) of respondents use their computer at work to access social networking platforms. In addition, 77% of cybersecurity leaders often accept invitations from unknown people, especially on LinkedIn (63%).
  • Password carelessness among cybersecurity leaders. Nearly one in four cybersecurity leaders uses the same password in their professional and personal routines. In addition, 39% reported that they hadn’t changed their professional email passwords in the past 30 days.
  • Most organizations do not monitor potential threats to their brand on social media. Over 50% of respondents do not have formal policies or processes in place to monitor the digital public sphere, including social media, blogs, and forums, to protect against harmful impacts against the organization’s brand or reputation.

The survey interviewed more than 100 global cybersecurity leaders, from senior level to C-suite members, in industries such as financial services, technology, healthcare, retail, and telecommunications.

Related Article

New Bluetooth vulnerability could break privacy
Sheila Zabeu -

November 25, 2022

Industry 4.0 Zero Trust strategies need to address OT environments
Sheila Zabeu -

November 14, 2022

segurança digital dos dados CISA presents cybersecurity targets for critical infrastructure
Sheila Zabeu -

November 03, 2022

Circuito e Bloqueio Google to improve software supply chain security
Sheila Zabeu -

November 03, 2022

European quantum communications network Europe to launch satellite for quantum cryptography
Sheila Zabeu -

October 18, 2022

Cyber Attack Senior leadership needs to be more engaged in cybersecurity strategies
Cristina De Luca -

October 13, 2022

Cloud Security Cloud security: whose responsibility is it?
Sheila Zabeu -

October 05, 2022

Security concept Your backlog of vulnerabilities could be in the thousands
Sheila Zabeu -

September 19, 2022

You need to subscribe, before you can post a message

Subscribe