Turn off the security please, I'm the boss
The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74 percent) -- despite also being highly targeted by cyberattacks according to a new study.
The report from zero-trust platform MobileIron finds that executives feel frustrated by mobile security protocols and often request to bypass them.
More than two-thirds (68 percent) of C-level executives say IT security compromises their personal privacy, while 62 percent say security limits the usability of their device, and 58 percent claim IT security is too complex to understand.
More concerning is that 76 percent of C-level executives admit to requesting to bypass one or more of their organization's security protocols last year. Of these, 47 percent have requested network access to an unsupported device, 45 percent requested to bypass multi-factor authentication (MFA) and 37 percent requested access to business data on an unsupported app.
"These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach," says Brian Foster, SVP product management at MobileIron. "Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, MFA -- designed to protect businesses from the leading cause of data breaches, stolen credentials -- is being side-stepped by C-Suite execs."
It may not be so surprising then that 78 percent of IT decision makers say that the C-suite is the most likely to be targeted by phishing attacks, and 71 percent claim the C-suite is most likely to fall victim to such attacks. In addition 72 percent of IT decision makers claimed the C-suite is the most likely to forget or need help with resetting their passwords.
"These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cybersecurity, while execs often see themselves as above security protocols," adds Foster. "In today's modern enterprise, cybersecurity can't be an optional extra. Businesses need to ensure they have a dynamic security foundation in place that works for everyone within the organization. This means that mobile security must be easy to use, while also ensuring that employees at every level of the business can maintain maximum productivity without interference, and without feeling that their own personal privacy is being compromised."
You can get the full survey results on the MobileIron site.