Information Technology workers get paid to prevent identity theft, but CEO’s never take their advice.
Top IT workers are frustrated. They receive a limited budget while they watch their bosses throw money at the wrong cybersecurity.
Sixty-five percent of CEO’s feel malware protection is top priority, while only 35 percent of IT workers agree, says a joint study from online security company Centrify and Dow Jones.
Poor communication is the reason for their problems. CEOs don’t simply delegate cybersecurity responsibilities to the people they pay to take care of them. Eighty-one percent of CEOs say they’re most accountable for cybersecurity strategies at their company. Only 78 percent of top IT workers, or technical officers say the same.
CEOs may feel that way, but actions show they’re out of their element. Seventy-nine percent of technical officers admit there’s been a data breach. However, only 55 percent of CEOs agree. One-fourth (24 percent) of CEOs are unaware when their companies experience a data breach.
“It’s clear that the status quo isn’t working,” says Tom Kemp, CEO of Centrify. “While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their technical officers.”
Companies can’t keep up
Data breaches are growing at a staggering rate. It’s so severe that company executives struggle to make a steady plan to prevent or combat the next one.
A joint survey of 1,300 executives, from risk management company Marsh and Microsoft says that two-thirds (56 percent) rank cybersecurity among their highest risks to their companies. Despite how important they view cybersecurity, only 19 percent feel confident in their company’s ability to respond and resolve a cyber attack. And only 30 percent have a plan in place.
Companies have also changed their motives for cybersecurity.
Protecting customer information has historically been the most important impact on an organization, according to the survey. Seventy-five percent of executives now view business interruption as the worst cybersecurity scenario that impacts companies. Only 55 percent view customer information through the same lens now.
“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” says Marsh’s president of global risk and digital John Drzik. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience.”
Research suggests companies need to keep up with cybersecurity strategies, especially at the pace hackers evolve their tactics.
Hackers keep two steps ahead
As if companies weren’t vulnerable enough before a cyber attack, many maintain status quo after. Almost half (46 percent) of IT workers say they rarely make major changes in their cybersecurity strategy, says a study from CyberArk.
Most of these companies are also easing up on best cybersecurity practices.
Only high ranking employees are recommended to have access to confidential or privileged data on their work computers or devices. In 2016, IT workers reported that 62 percent of employees had access to privileged data, now 87 percent do. This points out that flexibility is more important than security.
“Attackers continue to evolve their tactics, but organizations are faced with cyber security inertia that is tipping the scales in favor of the attacker,” says Adam Bosnian, a CyberArk executive.
There are a couple recent positive trends in the cyber world, but of course with every positive comes another negative.
Good news, bad news
A global study of 1,200 IT professionals concludes cyber attacks decreased from 2016-2017, according to Cyber Edge Group.
This is the first time that’s been reported in five years, according to the survey. The number of successful attacks on organizations fell from 79 percent to 77 percent, while the number of six or more successful attacks fell from 33 percent to 27 percent.
The amount of companies affected by ransomware has also decreased from 61 percent in 2016 to 55 percent in 2017. For the companies affected by ransomware, that paid what hackers were asking, only half recovered their compromised data.
“Got a coin? Flip it to see if you’ll get your data back after paying a ransom associated with ransomware,”says Steve Piper, CEO of CyberEdge Group. “That’s just plain scary”
It’s important to point out that not all identity theft takes place online. Thieves revisit and update their old tricks too.
More bad news, but about debit cards
The amount of fraudulent activity on ATM and debit cards hit a record high last year, according to TJ Horan, vice president of fraud solutions at FICO.
Data recently released by the analytic company says that there was a 10 percent increase in compromised debit cards, and an 8 percent increase in compromised card readers at ATMs, stores and restaurants in the U.S. in 2017.
“While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs,” Horan says. “This is why it’s important for consumers to be cautious when withdrawing cash, and also for them to check their account regularly and confirm that all the transactions on their debit card are legitimate.”
Identity theft tips
How to avoid fraudulent charges on your debit card, recommended by FICO:
- Be suspicious of the ATM you use. If there is something strange about the way it looks or the way your card enters, just walk away.
- Same if there is someone lingering around the ATM. If you pull up in your car, and someone is using the machine, just wait until they leave to get out and use it.
- If the machine eats your card, it may not have been captured by the bank or ATM provider. Call your bank, report the incident and request a replacement card.
- If you feel suspicious about a store or restaurant that you used your card at, call your bank to change your card and PIN number. Better safe than sorry.
- Monitor your transactions. Most banks offer online banking, and your monthly statement. The latter won’t be as frequent but it’s important to check.
- Check your card transactions frequently, using online banking and your monthly statement.
- Ask your bank if it offers an alert technology that can contact you by text message or email if fraudulent activity is noticed on your debit card.
- Make sure your cell phone number and mailing address are current in case you need to be contacted over suspicious activity.
Meet the Author
Article last modified on April 19, 2018. Published by Debt.com, LLC . Mobile users may also access the AMP Version: Identity Theft: Your Boss Is The Reason Your Company Gets Hacked - AMP.