A cyber risk security assessment of Fortune 100 company executives conducted by PiiQ Media found a significant amount of exposed Personal Identifying Information (PII), including email, relationship and password information, on social media platforms. This information gives attackers valuable intelligence that they can use to craft sophisticated spear-phishing attacks, which account for more than 80% of reported breach incidents.
Most cyber-attacks are relatively unsophisticated and succeed because of poor cyber hygiene practices by individuals and organizations. Organizational shortcomings such as insufficient employee awareness of good cyber hygiene, or weaknesses in patching cadence (the cause of last week’s ransomware breach of a German hospital, which led to the death of a patient who was diverted away from the impacted hospital), are evidence of poor cyber governance.
Dealing with these basic issues more effectively would result in material improvements in cyber security, which would in turn lower the downside financial risks associated with breaches and generally poor technology management. This is only increasing in importance with the accelerated corporate reliance on digital technology to function and grow.
Indeed, many cyber breaches are the result of ‘people and process’ weaknesses such as these, rather than of deficient hardware or software. Twitter’s July breach is a recent high-profile example of how persistently weak internal controls and procedures leave companies open to attack. As CEOs become more personally liable for cyber breaches, these weaknesses will receive more attention internally, but as the linked survey indicates, there is still a long way to go.