A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.
MobileIron has released a report that paints a troubling picture of tension between C-suite executives and IT decision makers when it comes to mobile device security.
The findings, the report states, suggest "that C-suite executives often bypass their organization's mobile security protocols, putting businesses around the world at significant risk of a data breach and highlighting the need for newer technologies to allow employees to be secure and productive at the same time."
Why the C-suite feels above mobile security
The report describes the problem plainly, "C-level executives often view themselves as above their organization's security protocols."
It found that 68% of executives surveyed claimed that IT security compromises their security, 62% said policies restrict device usability, and 42% said that IT security is a low priority for them.
SEE: Security Awareness and Training policy (TechRepublic Premium)
Those beliefs have led to 76% of C-suite occupants bypassing their organization's security protocols to get something done faster in the past year, while at the same time saying (88% of respondents) that IT security is an essential part of protecting the reputation of their organizations.
Further, 47% requested network access for unsupported devices, 45% asked to bypass multifactor authentication, and 37% wanted to access business data on an unauthorized app.
These attitudes are held by executives despite 84% saying that they were targeted by at least one cyberattack in the past year, with more than half of those attacks being phishing attempts.
How IT sees the C-suite
The self-reported numbers from business executives don't put them in a positive light, at least from a cybersecurity perspective, and IT leaders seem to be picking up on that. 78% of IT professionals who responded to the survey said that the C-suite is most likely to be targeted by phishing attacks, and 71% say those same executives are the most likely in their organizations to fall for such an attack.
SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)
74% of IT respondents also say that C-suite executives are the most likely to ask for relaxed mobile security for themselves; all of these numbers combine to create a tense environment between IT and executives, said Brian Foster, MobileIron's SVP for product management.
"In today's modern enterprise, cybersecurity can't be an optional extra. Businesses need to ensure they have a dynamic security foundation in place that works for everyone within the organization," Foster said.
What organizations need to do to fix mobile device security
C-suite executives have concerns that need to be addressed: Feeling like privacy is compromised by mobile security isn't a new complaint, after all, but neither is the idea that executives are bigger risks to organizational security.
Mobile security, the report concludes, needs to be a seamless experiences that's " easy to use,
ensuring that employees across the whole business can achieve maximum productivity without interruption, and without feeling that their own personal privacy is being compromised."
MobileIron is a zero trust security provider that specializes in securing mobile devices, so it's no surprise that the report suggests implementing a zero trust approach, which can "significantly reduce the level of risk to [an] organization by taking complete control of data as it flows across devices, applications, networks and cloud services – no matter who in the business is trying to access it."
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Kubernetes security guide (free PDF) (TechRepublic download)
- Information security policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)