The Human Factor In Security

Our Security teams have identified common challenges organisations face when dealing with Cyber Security threats. The most common, and often overlooked, aspect of cyber security is people and the risks they pose across the organisation.

Whether knowingly or unknowingly, human beings are often the most common cause of IT security breaches. Even if a business has robust, multi-layered IT security technology solutions in place, human action can make these redundant and expose the organisation to real risk.

Ignore them at your peril – they’re often the cyber criminal’s easiest way through your technological defences.

Senior Management Team (SMT)

Typically having access to the most valuable information, Senior Management Team (SMT) members are prime cyber-attack targets. They, and their immediate support staff, such as PAs, are often unaware that they sit near the top of the cyber-criminal’s hit list, making them especially vulnerable to social engineering attacks.

The Risks

SMT members are often targeted with spear phishing and whaling attacks. Highly tailored to the target individual, these attacks are typically designed to gain access to sensitive information. The high profile of SMT members makes them easier to target with well-researched attacks of this kind. Travelling frequently, at home and abroad, they may use insecure public Wi-Fi hotspots, putting them at risk of man-in-the-middle (MITM) attacks. Further compounding the risks, C-suite members are often the group of employees most likely to fail to follow established policies and procedures.

How to address the challenge – Take action

So how can senior management become an enabler of cyber security best practice as opposed to a target for attacks? Put simply, the considerations below need to be taken into account.

An effective cyber security strategy starts with an understanding of the assets you are trying to protect and the risks that arise should they be exposed. It is imperative that senior management understand these threats and the impact a breach could have on their organisation.

Understanding the threat landscape is key for senior management to ensure they are aware of the target on their backs. More importantly, as public-facing members of the organisation, they need to consider the following:

    • Effective governance and process need to be in place with a focus on security resilience

    • Develop a secure culture for employees by listening to concerns from staff, while also explaining the importance of complying with security practices

    • Adopting a risk management approach to business processes and password management

    • Creating an environment of security awareness and clear communication channels is a must

    • Processes for dealing with an attack on management and steps to remediate should one happen

    • Cyber Security Training and Email security best practices need to be top of the agenda

Assurance for the organisation

As the profile of data breaches and online compromises rises, so does the attention they receive within the senior management team. According to Forrester, 80% of security breaches involve administrative or privileged credentials. The senior management team need assurance that staff who hold privileged credentials cannot easily be compromised. Process, reporting, visibility and management of privileged accounts need to be seen as a solid investment towards the cyber security of any organisation.

Technology and a good process can assist

There are hundreds of security solutions and best practice security frameworks organisations can use to develop a robust security posture and help mitigate many of the risks posed by human beings inside as well as outside the organisation.

If you would like to discuss the options your organisation has when developing your security strategy, our Cyber & Data security experts are on hand to answer questions and help you identify potential ways to address the risks posed. Book a ‘no obligations’ call with one of our team here.

The Complete Guide

Senior Management are just one of the user types we discuss in our complete ‘Human Factor’ guide. Find out who else in your organisation may pose a risk by downloading our full guide here.