C-suite executives are the people most susceptible to mobile-based cyber-attacks in businesses, according to a study from MobileIron. The report, entitled Trouble at the Top found that while these executives are highly targeted by cyber-criminals in attacks on organizations, they are also more likely than anyone else to have a relaxed attitude to mobile security.
In the analysis, research from 300 enterprise IT decision makers across Benelux, France, Germany, the UK and the US was combined with findings from 50 C-level executives from the UK and the US. It revealed that many C-level executives find mobile security protocols frustrating, with 68% feeling IT security compromises their personal privacy, 62% stating it limits the usability of their device and 58% finding it too complex to understand.
As a result of these issues, 76% of C-suite executives had asked to bypass one or more of their organization’s security protocols last year. This included requests to: gain network access to an unsupported device (47%), bypass multi-factor authentication (45%) and obtain access to business data on an unsupported app (37%).
“These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach,” commented Brian Foster, SVP product management, MobileIron. “Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, multi-factor identification – designed to protect businesses from the leading cause of data breaches, stolen credentials – is being side-stepped by C-suite execs.”
To exacerbate this issue, IT decision makers included in the study overwhelmingly stated that C-suite is the group most likely to both be targeted by (78%), and fall victim to (71%), phishing attacks.
Foster added: “These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cybersecurity, while execs often see themselves as above security protocols.”