Forty percent of organizations believe C-level executives, including the CEO, are most at risk of being hacked when working outside the office, according to the results of a recent iPass survey of 500 organizations in the U.S., U.K., Germany and France.
Cafes and coffee shops were ranked the highest-risk venues by 42 percent of respondents, followed by airports (30 percent), hotels (16 percent), exhibition centers (7 percent) and airplanes (4 percent).
Ninety-three percent of respondents said they're concerned about the security challenges presented by a growing mobile workforce, and 47 percent said they're very concerned.
In response, 68 percent of organizations have banned employee use of free public Wi-Fi to some degree, and 33 percent have banned employee use of free public Wi-Fi at all times.
Key concerns when employees use public Wi-Fi include man-in-the-middle attacks, cited by 69 percent of organizations, as well as lack of encryption (63 percent), unpatched operating systems (55 percent), and hotspot spoofing (58 percent).
A Dangerous Combination
"The grim reality is that C-level executives are by far at the greatest risk of being hacked outside the office," iPass vice president of engineering Raghu Konka said in a statement. "They are not your typical 9-to-5 office worker. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker."
"Cafes and coffee shops are everywhere and offer both convenience and comfort for mobile workers, who flock to these venues for the free high speed Internet as much as for the coffee," Konka added. "However, cafes invariably have lax security standards, meaning that anyone using these networks will be potentially vulnerable."
Plixer CEO Michael Patterson told eSecurity Planet by email that it's important to remember that C-level executives don't always need constant access to the corporate jewels. "Many times they don't need access at all, and rely on other members of the company to gather the information they need," he said.
"Regardless of the security measures taken, total prevention is impossible and compromises are inevitable," Patterson added. "As a result, companies need to monitor remote access with network traffic analytics in an effort to uncover unwanted behavior patterns that will often expose an early indication of a compromise."
Managing Online Security Threats
A separate IEEE survey of 300 CIOs and CTOs in the U.S., U.K. and India found that 45 percent of respondents said online security threats will be their biggest challenge this year, followed by the speed of technological change (18 percent) and regulation or compliance issues (11 percent).
Just 27 percent of respondents say they're able to track and manage more than three quarters of the devices connected to their business, such as smartphones, tablets and IoT devices. Thirty-eight percent say they're able to track and manage less than half of the devices connected to their business.
If given an extra $5 million dollars, 59 percent of CIOs and CTOs would invest it in protecting infrastructure rather than in resources and growth.
According to a recent Juniper Research report, while global cyber security spend will reach almost $135 billion by 2022, data breaches will cost companies a cumulative total of $8 trillion in fines, lost business and remediation costs over the same period of time.