Password Hygiene Amongst Cybersecurity Leaders is Lacking, Survey Finds
Constella Intelligence research reveals that one in four cybersecurity leaders use the same passwords for both work and personal use; more than half experience account takeover first-hand
LOS ALTOS, Calif., May 20, 2021 – Constella Intelligence (“Constella”), a global Digital Risk Protection leader, today released the results of “Cyber Risk in Today’s Hyperconnected World,” a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge.
The findings from Constella’s survey, which polled over 100 global cybersecurity leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%). About one in four (24%) respondents have used the same password for both work and personal use, while the survey also found that nearly half (45%) of cybersecurity leaders are putting themselves at risk by connecting to public Wi-Fi without using a VPN.
“More than ever before, individuals and companies alike need to ensure that a robust and secure environment is in place,” said Constella Intelligence CEO Kailash Ambwani. “Amidst the rise in cyber attacks to organizations, many of which are perpetrated through C-suite impersonations, employee cybersecurity awareness is now arguably as important as an organization’s security infrastructure. And as the professional and personal spheres become increasingly digitally intertwined, both leaders and employees must pay close attention to the role each one of us plays in collective cybersecurity hygiene.”
Other key findings include:
- Almost half (48%) of cybersecurity leaders use their work computer to log on to social network platforms. Further, 77% are willing to accept connection/friend requests from unknown individuals—especially on LinkedIn (63%).
- Almost three-quarters (74%) of cybersecurity leaders reported being targeted in a phishing or vishing attack in the last 90 days. One-third (34%) say they have been targeted in a phishing or vishing attack from someone impersonating their CEO.
- More than 50% of companies surveyed have no policy or process in place to monitor the digital public sphere for threats against their brand or brand reputation.
The survey specifically focuses on respondents’ usage related to personal and work email accounts, social media account logins, and smart devices in an era when brands and executives are increasingly targeted and the reputational consequences associated with breaches and exposures are greater than ever. Download the complete findings of the 2021 Survey Report here.