Given the meteoric rise of users engaging daily on social media platforms, the need to secure accounts has become essential for both companies and individuals. However, some activities that now seem natural due to the ubiquity of social media in our work and professional lives—like accepting connections from unknown individuals or profiles or accessing personal social media accounts from work devices—can increase vulnerability. In today’s digital era, cybersecurity leaders must be the most vigilant users in their organizations. They are required to protect continuously expanding attack surfaces as cybercriminals look to gain access to sensitive personal and work-related data through sophisticated tools. Though temporary, unauthorized access to such accounts can trigger a domino effect that can devastate an entire organization. Yet, alarming shortfalls in cybersecurity leader cyber hygiene remain. We recently surveyed 100+ global cybersecurity leaders across all major industries—including financial services, technology, healthcare, retail, and telecommunications—in organizations ranging from 1,000 to 10,000+ employees. Our survey, ‘Cyber Risk in Today’s Hyperconnected World’, aims to understand the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to reducing cyber vulnerability in their personal and work digital lives.
Key findings from the survey include:
· Cybersecurity leaders are frequent targets of phishing attacks, with perpetrators often impersonating as CEOs. Close to three-quarters (74%) of cybersecurity leaders report being targeted in a phishing or vishing attack; alarmingly, one-third (34%) say they have been targeted in a phishing or vishing attack from someone impersonating their CEO.
“Close to three-quarters (74%) of cybersecurity leaders report being targeted in a phishing or vishing attack”
· Cybersecurity leaders frequently use work devices to access social networks for personal use. Almost half (48%) of the cybersecurity survey respondents use their work computers to log on to social network platforms. Moreover, 77% of cybersecurity leaders are willing to accept connection/friend requests from unknown individuals, especially on LinkedIn (63%), increasing vulnerability.
· Password hygiene amongst cybersecurity leaders is lacking. 1 in 4 cybersecurity leaders has used the same password for both work and personal use, while 39% say they have not changed their work email passwords within the last 30 days. The survey also found that nearly half (45%) of cybersecurity leaders connect to public Wi-Fi without using a VPN, putting themselves and their entire organizations at risk.
· Most organizations do not monitor social media for threats against their brand. More than half of respondents do not have a formal policy, process, or partner to monitor the digital public sphere—including social media, blogs, forums, or other spaces where threats to brands and executives commonly emerge—for threats that can ultimately have a damaging impact on brand and brand reputation.
“Most organizations do not monitor social media for threats against their brand”
Constella’s analysts continuously stay on top of the latest trends in the digital ecosystem—spanning the surface, deep, and dark web. Our team has significant experience in understanding exactly how threat actors leverage social media platforms and patterns of human behavior to access sensitive personal data or gain entrance into corporate networks. The 2021 survey report signals two key realities.
First, habits—ranging from password hygiene to the nature of social media or device usage—resulting from tendencies of human behavior and patterns in which we all engage, can create real vulnerabilities for organizations.
Second, there are multiple trends that characterize the risk that organizations must address. While some of these trends imply risks that emerge from outside of the control of the organization (e.g., the rapidly changing tactics of threat actors), other risks can be anticipated and mitigated through concerted actions and investments, such as improving proactive, real-time brand and reputational intelligence.
Constella Intelligence partners with organizations across the globe to help anticipate, identify, and remediate targeted threats to your people, your assets, and your brand. Learn more about how Constella can help defend your organization from digital threats and reputational risk here.
Download the complete findings of ‘Cyber Risk in Today’s Hyperconnected World’ here.