How executives’ personal devices threaten business security
Today, individual people – not businesses or government entities as a whole – are the primary targets, or entry points, for all major cyberattacks, according to Agency.
Yet, while the cyber threat landscape has seen this major shift, security software to manage these direct personal risks has not kept up to protect public-facing individuals and leaders the way large enterprise organizations have.
Major breaches linked to targeting individuals
Over the past few years, we’ve seen these types of major breaches at LastPass, Colonial Pipeline, Microsoft, and more. In each case, individuals within the company were targeted directly by attackers on their personally owned devices. Techniques and exploits vary, but the trend is clear: motivated attackers know the right individual people they want to go after to get to their larger organizational goal, and they’ll use any means necessary to be successful.
Knowing that executives and public-facing leaders are often the targets for “Employee-Targeted Digital Risks,” or cyber attacks targeting individual employees.
Overall, the findings showed that most executives are using their personal devices for work, creating a “backdoor” for cybercriminals to access large enterprise organizations.
For example, 97% of respondents access work accounts on their personal devices and 95% use personal devices for work-related multifactor authentication, creating unexpected risks as their personal devices are now being used as a work device by their employer for second-factor authentication in order to access sensitive company data.
Personal devices create opportunities for bad actors
74% of respondents send work-related messages, like emails or texts, from their personal devices “frequently/often,” creating tremendous opportunities for bad actors to access their accounts through scams and phishing emails. To that end, 50% of executive respondents reported receiving work-related scams in their personal emails.
As a result, 33% reported being victims of data theft via scam, indicating that it’s imperative to protect leaders’ personal devices not only to protect their individual data but to protect against bad actors accessing the companies they are in charge of through unknown “backdoors.”
89% of respondents say companies should provide cybersecurity software for employee’s personal devices. However, 80% say that employers monitoring the use of their personal devices would be an invasion of privacy. Conversely, 73% of respondents would allow employers to install cybersecurity software on their personal devices, even if it meant they could see all their activity.
In summary, report shows that a vast majority of executives are using personal devices for work – exposing their companies to serious risks. As a result, leaders want companies to protect their personal devices – but only if done so with privacy in mind.