Addressing the C-suite Access Issue
December 10, 2019
One of the biggest challenges security teams face is resolving the issue of human error, especially when it comes to senior executives. We all know that human error is by far the biggest cause of cybersecurity breaches – people clicking on links in emails that they shouldn’t. We also know that the higher up the individual, the bigger the risk.
The 2019 Verizon Data Breach Investigations Report outlined that senior executives are 12 times more likely to be the target of social engineering-related incidents, and nine times more likely to be the target of social engineering breaches. Given these facts, common sense would dictate that these senior employees should be subject to proportionately more security controls and security training. In reality, the opposite is often the case.
The security team finds itself between a rock and a hard place, due to a myriad of factors that make the C-suite a difficult group to work with. It starts with historical access. The C-suite will have been given access in the past to a number of sensitive systems, on the assumption that their authority and remit require highly privileged access.
You can read the full article by Infosecurity here.