72% of U.S. senior executives have been targeted at least once by a cyberattack in the last 18 months, according to GetApp’s latest C-Suite Cybersecurity Report.
The higher you climb the corporate ladder, the higher the chance you’ll be the target of a cyberattack. At least, that was the conclusion drawn from GetApp’s 2024 C-Suite Cybersecurity survey results, which included insights from nearly 3,000 cybersecurity professionals across 11 different countries.
Cybercriminals know that the money, data and control they seek can be found more quickly at the top of organizations, so it’s more crucial than ever to offer robust cybersecurity training to C-Suite executives.
But does that always happen?
Even if the answer is no, your organization can get on the right track by taking the time to review these 3 key insights from the report.
When Cybersecurity Training Goes Down, Cyberattack Vulnerability Goes Up
Unfortunately, but not surprisingly, there’s a correlation between a lack of cybersecurity training and increased vulnerability to cyberattacks, especially at the senior executive level.
When cybersecurity training is prioritized for leadership personnel, the likelihood of them falling victim to a cyberattack decreases. And while this group of individuals is particularly busy, training shouldn’t be an afterthought. In fact, 86% of GetApp’s survey respondents agree that senior executives need more frequent and specialized training than other employees.
And most do. 69% of U.S. senior executives received additional cybersecurity training compared to other staff members. However, 37% of senior executives globally are not being provided with more advanced training, putting them and their organizations at an increased risk.
The Cybersecurity Training Target is Constantly Moving
Even if your organization does offer specialized training for your senior leadership team, the tactics and attack methods used by threat actors are getting increasingly sophisticated. While malware and phishing attacks are the primary ones to watch out for, the danger posed by newer threats is growing.
AI-generated deepfakes and individualized social engineering attacks such as “whaling” (a highly nuanced attack on high-value targets such as C-level executives) are growing in complexity and scale. Now more than ever, cybersecurity training should be prioritized and updated consistently to increase awareness and bring in new insights, so senior leadership has the knowledge they need to stay up to date on the evolving attack methods that may be used against them. It’s not a matter of if, but when it will happen to them.
Preparation is Key for Handling Cybersecurity Risks
While staying on top of cyber threats is important, knowing everything is impossible, even for the most seasoned and cautious professionals. Nevertheless, there are key steps your organization can take to make sure your cybersecurity program effectively prepares those at the top to make the right decisions when presented with threats.
- Focus training on the current threat landscape: It’s crucial for C-Suite executives to receive training on the tactics that could be used against them, so they can recognize what an attack aimed at someone in a more senior role might look like.
- Safeguard image and personal data: The higher up a person is in the organization, the more information there is about them online. Training on the ramifications of this is important because C-Suite executives need to be aware of what they should and shouldn’t share online – and how public data can be weaponized against them. They should know to enable MFA, where possible, and not reuse passwords for multiple accounts, whether work or personal.
- Stress the risk factors: High-value transactions are carried out by higher-ups, and while they should be empowered to make those decisions, they should also be trained on the risks those types of transactions carry. This might include procedures to recognize whether a video call is a deepfake or not, or how to scan transactional documents for signs of fraud.
- Emphasize appropriate usage of organizational information: Organizational information should be kept separate from personal information. While those lines are blurred in today’s world because we use our phones for everything we do, it’s important to train executives on how to recognize secure Wi-Fi networks when traveling for business or pleasure and to be able to identify insecure apps or malware.
Your organization can only do so much to protect your proprietary data, but stressing the importance of cybersecurity at all levels and taking the time to continually refine your approach to cyber hygiene, including how cybersecurity topics are taught, give your organization better odds at staying secure…
As every cybersecurity professional knows, you’re only as strong as your weakest link; don’t let it be your people!
Stay safe out there!
Disclaimer: It is important to note that the data referenced is from IT and cybersecurity professionals in 11 countries who chose to disclose incidents and cybersecurity training information as part of GetApp’s 2024 Executive Cybersecurity survey.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.