When it comes to high-level executives, the rules of the game often change. They are used to asking for exceptions to be made for them, backdoors to be opened and a whole different set of rules to be applied. This is what turns them into one of the biggest threats to corporate security.
According to Jayson Street, CIO and managing partner of Stratagem 1 Solutions, senior executives often circumvent security rules and policies to suit their needs and whims at the expense of security. The negative effect is that this special treatment enables cybercriminals to easily gain access to corporate networks by impersonating management personnel. Because of their system privileges and access rights, executives become ideal targets for all those wanting to hack into corporate networks.
“[Hackers are] not going after the bank teller, [they are] going after the bank president, because the tellers have USB drive rights deactivated, they have controls on where they can go on websites.” Street recounted how he was able to access the server room of a hotel simply by gathering information about the owner through social networks such as LinkedIn and Twitter, then sending an email to the access control personnel masquerading as the CEO of the tech support organisation. When the staff member was later asked why he allowed Street access, he said: “Because [the boss] sends email messages like these all the time! He asked, and he’s the owner — you have to let him do what he wants.”
What can companies do to stop turning their top dogs into easy targets? Jayson Street recommends that IT security experts stop enabling them and instead explain how fast they can become victims of cybercriminals. Lower-ranking employees should also be encouraged to report abnormal behaviors in order to maintain a safe environment. Educating all users about how social engineering, impersonation, identity theft and other such menaces occur could also prove to be very effective.