Cybersecurity leaders lacking basic cyber hygiene

Constella Intelligence released the results of a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge.

The findings from the survey, which polled over 100 global cybersecurity leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

Cybersecurity leaders not paying much attention to cyber hygiene

24% of respondents have used the same password for both work and personal use, while the survey also found that 45% of cybersecurity leaders are putting themselves at risk by connecting to public Wi-Fi without using a VPN.

“More than ever before, individuals and companies alike need to ensure that a robust and secure environment is in place,” said Constella Intelligence CEO Kailash Ambwani.

“Amidst the rise in cyber attacks to organizations, many of which are perpetrated through C-suite impersonations, employee cybersecurity awareness is now arguably as important as an organization’s security infrastructure. And as the professional and personal spheres become increasingly digitally intertwined, both leaders and employees must pay close attention to the role each one of us plays in collective cybersecurity hygiene.”

Cybersecurity leaders not vigilant enough

• 48% of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%).
• 74% of cybersecurity leaders reported being targeted in a phishing or vishing attack in the last 90 days. 34% say they have been targeted in a phishing or vishing attack from someone impersonating their CEO.
• More than 50% of companies surveyed have no policy or process in place to monitor the digital public sphere for threats against their brand or brand reputation.