Global cybersecurity leaders may not be practicing what they preach after new research revealed that many are engaging in risky behavior online.
Constella Intelligence polled over 100 global IT security bosses across multiple verticals to compile its latest report, Cyber Risk in Today’s Hyperconnected World.
It revealed widespread poor security practice: a quarter (24%) admitted to using the same passwords across work and personal use and nearly half (45%) connect to public Wi-Fi without using a VPN.
Public Wi-Fi is thought to be so dangerous that the FBI regularly warns the public not to connect when out-and-about.
A similar number (48%) of CISO respondents said they use their work computer to log-in to social networking sites and 77% accept friend requests from people they don’t know, including LinkedIn (63%).
According to MI5, foreign spies have contacted over 10,000 British citizens via LinkedIn over the past five years, using fake profiles.
“The consequences of engaging with these profiles can damage individual careers, as well as the interests of your organization, and the interests of UK national security and prosperity," the government said in a recent awareness campaign.
Security leaders continue to engage in risky behavior even though attacks targeting them increase.
Over half (57%) have suffered an account takeover (ATO) attack in their personal lives — mainly through email (52%) LinkedIn (31%) and Facebook (26%). Nearly three-quarters (74%) said they’d been targeted by a phishing or vishing attack in the past 90 days. In a third (34%) of cases, threat actors impersonated their CEO, according to the report.
“Amidst the rise in cyber-attacks on organizations, many of which are perpetrated through C-suite impersonations, employee cybersecurity awareness is now arguably as important as an organization’s security infrastructure,” said Constella Intelligence CEO Kailash Ambwani.
“As the professional and personal spheres become increasingly digitally intertwined, both leaders and employees must pay close attention to the role each one of us plays in collective cybersecurity hygiene.”