Executives' social media accounts put enterprises at risk
Information security often focuses on what's going on within the enterprise perimeter, but as businesses invest more in executive communication programs, there are risks which are sometimes overlooked.
According to a new survey from SafeGuard Cyber oversight of executive social media use is lacking, record-keeping is often manual, and the responsibility for risk management isn't clear.
The results show 56 percent of respondents say the role of executive communications will 'increase in importance of priority' during 2021, following the events of 2020. When it comes to cyber risks, a third of enterprises are most afraid of impersonation or fake accounts. And a quarter of respondents are most worried about the possibility of an account takeover.
Enterprises do recognize the consequences of a cyberattack on their executive leaders' social accounts. In the event of an account compromise, 70 percent of respondents say their company would suffer brand or reputation damage, while half predict risk to shareholder value.
Yet despite this awareness of the risks, 43 percent of enterprises polled say they currently have no protective oversight of executive social media activity. There's confusion over where responsibility lies, 43 percent report that executives operate their social media channels independently. 27 percent say ownership rests with PR/corporate communications, 14 percent say there are 'multiple owners' and 11 percent put ownership with the CMO.
When asked about responsibility for protecting executive accounts there's similar doubt, 29 percent say the CISO, 28 percent marketing/communications, 20 percent outsource this function to an agency and 16 percent cite 'multiple owners,' with seven percent not knowing who is responsible.
"The organizational risk exposure from bad actors breaching executives' social accounts is high and getting worse every day. We were surprised to see some of the results of this survey, as they demonstrate a clear understanding of the risks, but a lack of substantive action to mitigate them," says Jim Zuffoletti, CEO and co-founder of SafeGuard Cyber. "Organizations typically have a robust infrastructure to keep hackers and other bad actors out of their company systems, but often ignore third-party communication apps and social media accounts. Executives' accounts can be manipulated by takeovers or fake accounts, leading to tremendous brand damage, a loss of proprietary information, stock manipulation, and more. This should be a wake-up call to companies that their executives' accounts have to be protected as dearly as their company networks and data."
The full survey is available on the SafeGuard Cyber site.