Page 22 - Insurance Times October 2019
P. 22
2. Viewing cyber security as the responsibility of the
Information Technology Deptt.
3. Believing security threats are external and not internal
or accidental
4. Thinking a cloud provider is responsible for backup and
security of all information
5. Failing to use cloud hosted email securely
Most executives make these five mistakes, according to the
report. Senior executives fail to realize that they are prime
targets for cybercriminals, which is potentially a result of
their view that cyber security is an IT responsibility that
doesn't have anything to do with their executive positions.
IT security has now become the remit of all individuals,
cybercrime continues, organisations must be increasingly
especially those in the highest positions of each
vigilant and increasingly well-equipped technologically, to
protect themselves from sophisticated attacks. In this way, department and senior executives need to take ownership
for IT security best practices in their day-to-day behaviour.
digital transformation becomes both a critical contributing
Another common mistake among senior executives is that
factor in the problem of growing cyber risks today-and a
critical resource for solving it. they believe cyber security threats are attacks that happen
to the business by some external malicious actor rather
than being the result of internal threats or accidents.
IT managers need endpoint detection and response (EDR)
technology that exposes threat starting points and the
Many top executives also reportedly believe that a cloud
digital footprints of attackers moving laterally through a
provider is responsible for the backup and security of all
network. On average, Indian organizations that investigate
information, though they fail to use cloud hosted email
one or more potential security incidents each month spend
securely. However, cybercriminals know that top executives
48 days a year (four days a month) investigating them.
often have privileged access to company information, so
Senior executives are the weakest link in hackers intentionally target their personal accounts.
Professional hackers and adversaries will usually do a
the cyber security chain thorough investigation into a senior executive or board level
A new report 'Are you the weakest link? How senior director, including full analysis which could entail in-depth
executives can avoid breaking the cyber security chain' from monitoring of the company website and associated social
The Bunker, a UK cloud security firm, finds that despite media accounts.
their high-ranking positions, senior executives are
reportedly the weak link in the corporate cyber security Reviewing corporate policies, with a focus on people,
chain. According to the report, many senior executives premises, processes, systems and suppliers will provide
ignore the threat from cybercriminals and often feel that valuable insights into which areas to improve, and by
security policies in their respective organisations do not championing a 'security first' corporate culture,
apply to their unique position. The report finds that cyber- organisations and their senior executives will be well
criminals often target this known vulnerability and finds the positioned to avoid the high financial costs, reputational
senior executives guilty of a bit of grandiosity who disregard damage and unexpected downtime that could result from
cyber security threats and policies. a cyber-attack or data breach.
The top five mistakes with respect to Are 'silent' cyber-risks really silent?
cyber security Allianz Global Corporate & Specialty's winter/spring 2019
1. Not realising they are a prime target for cybercriminals edition of Global Risk Dialogue speaks about 'silent' cyber
22 The Insurance Times, October 2019
