Executives are disconnected from reality when it comes to IT and security.
Top leaders seem particularly inclined to do things their IT departments warn against, such as opening email from unfamiliar senders, or clicking on links.
During ... simulated attacks, top executives are 25% more likely to click on the links that in a real attack could install malware. One reason ... is that most senior leaders skip company programs on developing cautious email habits.You can visit this WSJ page below for the full article and attribution.
But wow. What a cyber Achilles Heal we've got if the folks with access to the most important, most sensitive info in our companies are the easiest to scam into coughing it up.
Now pair these statements (like pairing wine with food) with my own recent experience with a large North American electric sector organization. Security staff acknowledged they had self phished the company once and found a strong correlation with elevated rank and dangerous behavior.
As in, senior management personnel were much more likely than others lower down in the organization to click on the dumbest things, and even fill out and submit forms requesting login credentials, etc. The results were so damning there weren't sure they'd do it again.
Let me repeat and underline that last part: execs were more likely to fill out and submit forms requesting login credentials, etc.
This is pretty alarming, even for a non-alarmist. Time to wake em up or throw in the towel. Let's go for the former.
Full article here: http://online.wsj.com/article/SB10001424127887323463704578497592337997354.html?KEYWORDS=%22security%22
Image credit: v3im.com