Executive management has never been easy, but new technologies have introduced new complications — and new sources of burnout. One of the biggest keeping C-Suite leaders up at night? Cybersecurity risks. According to Chief’s New Era of Leadership report, executives rank cybersecurity threats and data privacy concerns as the second biggest challenge for their companies in 2024.
These risks were underscored recently when a finance worker was duped into paying more than $25 million to fraudsters, after he was convinced by a deep faked video call. While he originally was skeptical of an email he received from the purported CFO, his concerns were eased by a video call where he recognized his familiar colleagues. The problem? They were all fake, digitally created representations of the real people he knew.
“The deepfake scam in Hong Kong is a prime example of the severe damage that these attacks can cause for organizations and business leaders,” says Masha Sedova, Vice President of Human Risk Strategy at cybersecurity provider Mimecast. “With the help of AI, deepfakes are now both easier to create and more realistic. For an audio deepfake, all a scammer needs is 3 seconds of a TikTok video to create low-quality audio. For a high-quality deepfake, they need 40 minutes to an hour of audio or video content.”
From podcasts to social media to videos, scammers have no shortage of public materials to work from. And that’s just one worry on the endless list of cybersecurity risks in 2024 and beyond. Ransomware, where hackers hold data hostage until a payment is made, has cost companies like MGM more than $100 million in losses. Remote work has made it harder to monitor and control access to sensitive data as more people use personal devices. And sophisticated supply chain attacks can compromise existing trusted relationships to gain access to sensitive internal data or personnel.
These technological threats have consequences far beyond financial and reputational risk. They’re also a big reason for employee burnout — particularly for executives who must constantly anticipate the next big hazard and manage the fallout of major breaches.
Navigating Human Error
Mimecast’s recent State of Email and Collaboration Security report found that 3 in 4 cyber breaches are caused by human factors, like clicking a bad link or opening an attachment.
“Workplace communication tools, like email and collaboration platforms, are still the biggest threat vectors,” says Sedova. “Email remains the number one attack vector for cybercriminals and phishing remains the top threat to email users. Additionally, the volume of email-based phishing, spoofing, and ransomware attacks continue to increase.”
Education plays a major role in helping staff truly understand the different types of threats and where they come from, but culture also plays a big part — and that’s where C-Suite executives can really step in, and ensure their employees feel safe enough to call out potential threats, says Jamie Levy, Director of Adversary Tactics at cybersecurity firm Huntress.
“If your people are well educated on these types of attacks, made to check and double check, and feel comfortable questioning even someone at the C-Suite level who might seemingly make a request to wire transfer millions of dollars, then you’ll be able to sleep better at night,” says Levy. “You can trust your employees to do the right thing when you’re not there to watch over them.”
The Plan of Counter-Attack
With the growing vectors of digital attacks, it’s not a matter of if you’ll have to respond to a cyber attack, but when. Sedova recommends having a dedicated cybersecurity response team identified in advance, and activating them as soon as it’s been found that an attack has occurred. Once that happens, she suggests taking the following steps:
- Identify & Contain: Once the team is assembled, identify the type of attack that your company sustained and contain the breach by shutting down all access attackers may have to your system.
- Assess & Repair: After containing the attack, assess the damage: Have any critical business functions been compromised? Was any data impacted by the breach? Any systems illegally accessed? Are there any remaining vulnerable entry points? Make sure the right security protocols are in place to mitigate further damage from the breach.
- Report & Inform: Thorough communication is key. Report the incident to the proper authorities and communicate with customers about how your company has been impacted. Report on all details of the breach to learn from the situation and prevent it from reoccurring in the future.
Having a well-implemented response plan can also ease stress levels, knowing that you have the mechanisms in place to appropriately address the incident.
The Real Threat of Burnout
The relentless nature of cybersecurity vigilance takes its toll on anyone tasked with managing it. “Staffing shortages, heavy workloads, tedious tasks, and limited visibility into the threat landscape can all lead to burnout,” says Sedova.
While additional cybersecurity staff would always be ideal, the demand currently outpaces supply for skilled employees. Sedova suggests bringing in external resources like the non-profit consultancy Cybermindz to help employees manage stress in the cybersecurity space. The organization’s suggested relaxation techniques are some of the same used for active military and veterans — illustrating the intensity of stress these employees endure.
Even in the face of the most sophisticated technology threats, skills like trust, care, and open communication are still the most valuable defense against cybercrime.