The popular image of a cybersecurity breach involves a "Mr. Robot" hacker who exploits weaknesses in otherwise impregnable IT fortresses. In real life, however, the most likely cause of a cybersecurity disaster is a clueless CEO.
According to a global study of the data practices of senior managers in large organizations, conducted by the data-security firm Code42:
Three quarters (75 percent) of CEOs and more than half (52 percent) of business decision makers admit that they use applications or programs that are not approved by their IT department.... This is despite 91 percent of CEOs and 83 percent of [decision makers] acknowledging that their behaviors could be considered a security risk to their organization.
In fact, almost half (42 percent) of these executives believe that losing all the data stored on their devices would "destroy their business."
In addition, since the advent of smartphones, most CEOs now use email directly. Because they're usually among the least tech-savvy people in their organization, CEOs are obvious targets for spear-phishing--personally targeted emails that link to malware.
In fact, CEOs have become such proverbial "fish in a barrel" for spear-phishing that most hackers don't even bother using fancy exploit kits any longer, according to Symantec.
Why are CEOs and top decision makers willing to put their entire company at risk? Simple.
Four out of five CEOs and two-thirds of decision makers say they use these unauthorized solutions to "ensure productivity," according to the Code42 study. In other words, they rate their convenience higher than the livelihood of their workers, the interests of their investors, and the financial security of their customers. Jerks.
Not surprisingly, when asked which corporate initiative has the "highest priority," a measly 5 percent of C-suiters selected "protecting against cyberattacks," a lower rating than:
- "growing internationally" (16 percent)
- "acquiring new customers" (16 percent)
- "ensuring regulatory compliance" (13 percent)
- "reducing costs" (11 percent)
In fact, the only "highest priority" that scored lower than cybersecurity was...wait for it..."hiring and keeping the best people," at a minuscule 3 percent!
Why am I not surprised?
To recap, almost ALL big company CEOs--themselves primary targets for hackers--consider cybersecurity and their employees--including those responsible for cybersecurity--their lowest priorities.
So, if you wondered how something like Equifax could happen, wonder no more.
Ditto with all the other huge cybersecurity scandals.
Now, just in case you forgot, the average salary for CEOs at the largest companies in the U.S. is $15,600,000 a year, which is 271 times higher than the $58,000 paid to the average employee, according to CNBC.
Oh, and by the way, those exact CEOs--the boneheads personally responsible for cybersecurity leaks--will be the biggest beneficiaries of the currently proposed "tax reform" winding its way through Congress, according to Business Insider.
Here's my question: How long will we--the business press and its readers--continue to lionize and idolize these big company CEOs as if they're heroes to emulate rather than parasites who need to be taken down a few pegs?