fbpx

CEO Disconnect On Cybersecurity Increases Risk Of Breaches

by | Mar 21, 2018 | BLOG, Forbes Coaches, TECHNOLOGY, Trending

Shutterstock

The past year was full of high-profile headlines about companies experiencing sensational malware breaches.

The so-called cyberworm WannaCry, for example, attacked Microsoft systems, infecting 200,000 computers overnight, hitting 150 countries and affecting much of Britain’s National Healthcare System. Other ransomware attacks, such as Petya, NotPetya and BadRabbit, grabbed the media’s attention, too — and even more destructive variants became frontline weapons for state actors.

It’s not surprising, then, that CEOs cite malware as the most important cybersecurity risk threatening their organizations’ success, according to a new survey of 800 senior executives by Centrify and Dow Jones Customer Intelligence.

However, technical officers (TOs) on the front lines (CIOs, CTOs and CISOs) see identity breaches as the biggest threat, including privileged user identity attacks and exploiting default, stolen or weak passwords. In the survey, 42% of TOs pointed to identity breaches as a primary threat compared with only 35% citing malware.

The Danger Of Disconnect

This misalignment within the C-suite is creating undue risk exposure and leaving organizations ill-prepared to stop the majority of breaches because their security strategies and investments are not aligned to combat the primary threats they are facing.

In fact, the study found that 60% of CEOs expect to invest the most in protecting against malware rather than identity security solutions that protect against privileged access abuse and stolen passwords. These misinformed investment decisions pose a significant risk to organizations. Because CEOs don’t perceive the real cyber threats to their organizations, many have misplaced confidence in their ability to protect against breaches.

Other perceptions about cybersecurity breaches are at odds, too. There is no starker example of the disconnect than this: 68% of executives whose companies have already been breached acknowledged that it most likely would have been prevented with identity and access protection, versus only 8% who claimed endpoint controls would have been effective at stopping the breach.