By Dave Jeffers, IDG Creative Lab
…According to ThreatTrack Security, top executives play a major, unintentional role in helping hackers breach their companies’ defenses. ThreatTrack recently reported the results of a survey of 200 United States-based corporate malware analysts. “Among the issues that malware analysts face: more than half said they’ve had to remove malware from the device of a member of senior leadership because the executive clicked on a malicious link in a phishing e-mail, while nearly 40% had to remove malware after a senior executive visited an infected pornographic website.”
The survey was conducted last month by Opinion Matters on behalf of ThreatTrack Security.
The numbers are striking enough to make you wonder about the average intelligence of our country’s highest-paid employees. A full 56 percent of those surveyed reported that they had removed a malware infection caused by a top executive clicking on a link in a phishing email. Other common upper-management mistakes include plugging an infected device into a PC (47 percent), letting a family member use a company computer (45 percent), visiting a pornographic Web site (40 percent), and installing a malicious app (33 percent).
“The findings highlight some behind-the-scenes struggles that many malware analysts still face,” the report editorializes. “It’s hard enough trying to protect against threats coming from outside the company’s walls, but when senior executives hinder those efforts…it makes it even more difficult.”
Keep in mind that this survey doesn’t suggest that 40 percent of executives watch porn on their company computers. It simply stated that 40 percent of malware analysts, at some point in their career, have dealt with machines that had been infected that way.
But things still look pretty bad, especially when the companies want to keep these instances quiet. According to the report, “more than half of the malware analysts surveyed said they have investigated or addressed a data breach that the company did not disclose to customers, partners or other stakeholders.”
The experts trying to protect our corporations from cyber attacks have much to complain about. The report claims that “58% of malware analysts said the ineffectiveness of anti-malware solutions inhibited their ability to defend their organization, and 40% said they just don’t have enough highly-skilled personnel on staff to effectively combat cyberattacks.” The skill-set problem will likely get worse; see our previous article, Turns out young people want to be actors, not cyber security professionals.
And, not surprisingly considering the lax security behavior of many executives, they’re not always helped by upper management. “Only 21% cited that they don’t get enough support from executive leadership to fight malware, and only 18% said they don’t have enough budget to do so.”
Stories like this may make you reluctant to keep personal data on your office PC, but there are ways to protect yourself. Personal cloud devices like WD’s My Cloud are designed to keep your files both handy and protected, and most certainly out of reach of smut-seeking coworkers who share your office network.
You can’t expect everyone who uses a computer to be a security expert. But everyone needs to learn a few precautionary habits, especially those at the top of the corporate food chain.