RedSeal Appoints New CEO, Bryan Barney, Former Head of Symantec’s Enterprise Security Group

Ray Rothrock, cybersecurity, energy, and venture investing visionary, transitions to Executive Chairman

SAN JOSE, Calif.— June 1, 2020 — RedSeal, whose award-winning cyber terrain analytics platform helps companies measurably reduce their cyber risk, announced today the appointment of Bryan Barney as Chief Executive Officer. Ray Rothrock, an initial investor in RedSeal who has been at the helm since 2014, will remain active in the company as Executive Chairman of the Board.

Barney brings more than 29 years of experience in enterprise-grade commercial software and 18 years in cybersecurity. He has led organizations through massive growth, from early stage to IPO and beyond.

As CEO of RedSeal, Barney will drive continued development of the RedSeal platform and its commercial adoption by government agencies and Global 2000 companies. RedSeal’s sophisticated technology gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud, and virtual networks – including remote endpoints.

Before joining RedSeal, Barney led Symantec Enterprise Security Group through its transition from a traditional security company to a cloud services organization as general manager and senior vice president. In this time, he led the business unit responsible for Symantec’s award-winning endpoint security, endpoint detection and response, data loss prevention, email security, IOT, and cloud workload protection products, which, in combination, generated $1.2B in annual bookings. He oversaw a team of 1,300 engineers, product managers, and other staff across 10 different locations.

Prior to Symantec, Barney was SVP and General Manager of the Network Security Group at Sophos Group plc for three years. During his tenure, Sophos expanded their network security business by an average 25% year-over-year, and helped the company go public on the London Stock Exchange.

Barney also spent 13 years at McAfee, where he served as EVP and head of product development for the broadest security portfolio in the industry. Under his leadership, McAfee’s offerings enjoyed a preeminent competitive position with seven products consistently placing in the leadership quarter of Gartner’s Magic Quadrant analysis. With these products, McAfee became a dominant security vendor among large enterprises and the US Federal government.

“The 2020 Verizon Data Breach Investigation Report confirms that configuration errors – the result of overwhelming network complexity – have been increasing since 2017, and are now practically ubiquitous,” said Barney. “Today’s networks are highly intricate and constantly evolving. It is nearly impossible for an administrator to fully understand a large network infrastructure, and you cannot secure what you do not understand. RedSeal’s sophisticated network modeling technology allows customers to understand the fundamentals of their network and quickly identify misconfigurations and prioritize security vulnerabilities. With the rapid adoption of public cloud, hybrid cloud, and multi-cloud environments, network security is becoming even more complex. The need for RedSeal’s technology is both urgent and universal. This is a truly exciting opportunity.”

Ray Rothrock, who is transitioning to executive chairman from CEO of RedSeal, has led the company through a number of milestones, including its recent growth equity investment from Symphony Technology Group (STG). He will remain very active in his strategic advisory role and continue to serve as a company evangelist.

“I’m thrilled to have Bryan aboard, as he’s something of a legend across the cybersecurity industry,” said Rothrock. “I’m impressed not just with his track record, but also his curiosity and data-based decision-making. Plus, he shares the team and the board’s commitment to building a great company with a culture that values its people and its customers.”

RedSeal Helps Healthcare Organizations Reduce Cyber Risk

MedTech Breakthrough Awards selects RedSeal as best overall healthcare cybersecurity solution

SAN JOSE, Calif. — May 21, 2020 — Today RedSeal announced its cyber terrain analytics platform won the MedTech Breakthrough Award for best overall healthcare cybersecurity solution. This builds on a recent TAG Cyber study that confirms the platform – which automates cybersecurity fundamentals – is well-suited to meet the cybersecurity needs of modern healthcare organizations for cyber visibility, compliance and risk management.

The current health crisis has forced employees across healthcare and telemedicine organizations to work remotely, prompting hackers to target Virtual Private Networks (VPNs) and conduct password-spraying attacks on the healthcare sector and other essential services. As a result, the FBI and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert on May 13 raising concern for cybersecurity threats targeting organizations addressing COVID-19.

To ensure the remote workforce has access to the appropriate applications and systems while maintaining the same level of security posture and compliance as before, RedSeal launched its Secure Remote Work Assessment. As a result, security and management teams receive the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints.

In addition, RedSeal is offering new professional service packages to improve cyber visibility and cloud cyber visibility, while building on its successful professional services to support compliance and risk vulnerability.

“Cybercriminals attack the most vulnerable organizations, which puts healthcare providers, associated verticals and their employees on the frontlines of a cyber battle as well as a global pandemic,” said Dr. Mike Lloyd, chief technology officer at RedSeal. “Now more than ever, it’s important to ensure their systems and networks are secure. We are honored to be named the best healthcare cybersecurity solution – and hope that our new set of services will greatly assist already impacted healthcare organizations.”

RedSeal Launches Five New Services to Measurably Reduce Cyber Risk Across Remote Workforces

Secure remote workforce, cyber and cloud cyber visibility assessments along with tiered service offerings ensure overtaxed network infrastructures continue to be secure

SAN JOSE, Calif.— In direct response to expanding remote work operations, today RedSeal announced five new services to help enterprises establish safe and secure environments, understand new cyber risks and ensure business continuity.

According to Q1-2020 research, demand for VPNs peaked at 65 percent above average and remains 22 percent higher than pre-pandemic levels (Top10VPN). By focusing on cybersecurity fundamentals, RedSeal’s award-winning cyber terrain analytics platform helps government agencies and Global 2000 companies measurably reduce their cyber risk over these increasingly dynamic attack surfaces.

In the face of rigorous new demands, RedSeal gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints. To further support customers’ success, RedSeal is offering five services packages to improve cyber visibility, cloud cyber visibility, compliance, and risk vulnerability efforts.

“COVID forced a crash course on remote working for companies worldwide; as a result, it’s now an integral and permanent part of business operations,” said Ray Rothrock, CEO and chairman of RedSeal. “The rush required organizations to make significant changes to their networks and potentially expose critical data. Now, our services help address organizations’ urgent need to securely accommodate increased numbers of remote workers while also mitigating exposure to cybersecurity threats.”

RedSeal Secure Remote Work Assessment

This 30-day remote assessment is the fastest way for new customers to get peace of mind that their remote workforce has access to applications and systems without compromising their security posture. The RedSeal Secure Remote Work Assessment helps organizations understand if their network inventory is accurate, if their network devices are securely configured, and if their network is adequately protected.

The company supports the NIST guidelines for enterprise telework security by highlighting configuration gaps in the remote work infrastructure and validating the secure configuration of VPN concentration points.

RedSeal Cyber Visibility Assessment Package

Like the Remote Work Assessment, the RedSeal Cyber Visibility Assessment helps new customers quickly understand if their network device inventory is accurate and if those devices are securely configured. Specifically, during this 30-day remote assessment, a RedSeal professional services engineer will:

  • Identify discrepancies and potential gaps in inventory understanding
  • Review network device configurations and confirm if they adhere to specific and industry-wide best practices, and report any discrepancies
  • Review a network map to identify interconnectivity – and potential risks – between devices
  • Share advice for remediating device configurations that do not comply with best practices

RedSeal Cloud – Cyber Visibility Assessment

The 30-day remote RedSeal Cloud – Cyber Visibility Assessment gives new and existing RedSeal customers the ability to visualize the interconnectivity of their cloud environment and assess the accuracy of their cloud inventory. It includes licenses from one of three RedSeal supported vendors: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

Three RedSeal Managed Service Packages

To support current and future work at home/shelter in place scenarios, RedSeal’s Managed Service Packages ensure that network infrastructures can accommodate an increase of remote workers while maintaining their security posture. The three step-up offerings help organizations address their most critical issues. Specifically:

  • Cyber Visibility Package provides an ongoing understanding of what assets are on a network and how they are connected. The service monitors established baseline security controls and network best practices and includes a roadmap — developed and executed — for the security team. Prioritized recommendations for controls, basic security and operational hygiene maintenance are also provided.
  • Cyber Compliance Package includes the Cyber Visibility Package, plus monitoring to ensure compliance with regulatory and internal network segmentation requirements, as well as accelerated security change reviews.
  • Cyber Risk Management Package builds on the Cyber Visibility and Cyber Compliance Packages with strategic remediation, moving efforts from “patch everything” to “patch what matters the most,” to ensure focus stays on asset criticality and reachability from untrusted connections.

Complimentary RedSeal Health Check Service

The free RedSeal Health Check Service is for RedSeal customers who have lacked resources to maximize the benefits of their cyber terrain analytics platform; new RedSeal administrators who want to efficiently operationalize their platform, as well as management teams who want confirmation that RedSeal is delivering on business outcomes.

The multipoint evaluation reviews the RedSeal deployment to determine how well it’s aligned with business goals and prioritizes recommendations and remediation advice to ensure it meets expectations.

RedSeal’s Cyber Terrain Analytics Platform Lauded Across Verticals with Seven Awards for Excellence

Financial, technology, government and cyber sector accolades propel RedSeal to sixth year on JMP Securities’ hottest private cybersecurity companies list

SAN JOSE, Calif. — RedSeal today announced that it has received seven new honors in the last six months. Trusted by all four branches of the military, and more than 250 of the world’s most credible healthcare institutions, power grid companies and mission-critical government agencies, its cyber terrain analytics platform is the world’s only solution that helps improve cyber resilience to security events by showing security teams what’s on their networks, how everything is connected across physical assets and those in public and private cloud environments, and the associated risk.

RedSeal’s executives and its technology which helps validate policies, expedite investigations, and prioritize issues that compromise an organizations’ most reachable, valuable assets received honors from the following organizations:

  • JMP Securities’ JMP Elite 80, which ranks the “hottest privately held cybersecurity and IT infrastructure companies,” featured RedSeal for the sixth consecutive year.
  • CRN’s 2020 Partner Program Guide recognized RedSeal as a 5-Star Security Vendor for offering the most comprehensive training, services, benefits and incentives to its partners.
  • For the third consecutive year, TMCNet’s Cloud Computing Security Excellence Awards named RedSeal its winner for consistently demonstrating the advancement of technologies to secure cloud applications.
  • Security Today’s 11th annual Govies Government Security Awards named RedSeal the 2020 Platinum Winner in two separate categories: outstanding solution for network security, as well as security and risk intelligence in the government sector.
  • Juniper Research’s Future Digital Awards, which honors the most innovative solutions for digital service providers and leading players in the market, gave its Platinum security award to RedSeal, for its exceptional network protection platform.
  • The Stevie Awards’ 2019 Women in Business Award selected Julie Parrish, RedSeal’s chief operating officer, as a Woman of the Year for Technology, for her outstanding achievements as a leader and for her roles in successfully increasing the company’s market.

“Across industries, these awards recognize the value our cyber terrain analytics platform delivers: unrivaled control in the face of escalating cyber complexity and threats,” said Ray Rothrock, chairman and CEO at RedSeal. “Every day I’m grateful for – and inspired by – the dedication and ingenuity I see from each of our exceptionally talented team members.”

UK Business at Risk as Cyber Skills Gap Reaches Breaking Point

  • Over a year on from Parliament’s National Security Strategy report, cybersecurity training opportunities still aren’t a priority for the Government
  • A deepening talent gap in cybersecurity has potential to cause irreparable damage to UK business
  • CIOs and senior IT employers say a looming, uncertain Brexit is presenting enormous hiring challenges
  • Businesses face a global shortage of approximately 4 million cybersecurity pros
  • A focus needs to be put on ‘skilling up’ the UK’s next generation of cyber security professionals

27th November 2019 – A new, in-depth piece of research* conducted amongst UK CIOs and senior IT professionals has revealed that the cybersecurity skills gap has reached a crisis point, putting British business on the backfoot in the ongoing war against online fraud and cybercrime. This cybersecurity industry study from digital resilience experts RedSeal, unearthed major concerns about business’ ability to develop, attract and retain personnel with the right skillset to stand up against an ever growing threat landscape.

An enormous 87 percent of CIOs and senior IT pros reported that they are struggling to find cybersecurity professionals with the expertise needed to combat serious and organised online crime. Almost three quarters (73 percent) went on to say that uncertainty around Brexit is a huge concern when it comes to hiring security professionals from outside the UK. Further, 95 percent specified that Brexit will in fact widen the current skills gap, since many IT security professionals currently within British business are from outside the UK – due to the lack of advanced cybersecurity education provided locally.

Why aren’t cybersecurity training opportunities being made a priority by the Government?

It has been just over a year since Parliament’s Joint Committee on the National Security Strategy, a cross-party group that works across both the Commons and Lords, published a report exposing the UK’s chronic lack of digital skills, even within some of its own security agencies. Published in July 2018, the report revealed that ‘although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the Government and private sector affected by the shortage in skills. Authors of the report, titled Cyber Security Skills and the UK’s Critical National Infrastructure, voiced huge concerns around the Government’s apparent lack of urgency in addressing the cybersecurity skills gap in relation to Critical National Infrastructure.

Cybercrime is a real and present problem for UK business at a time of continued uncertainty

Further questioning within the RedSeal research also demonstrated that cybercrime and its impact on UK business continues to grow, with 81 percent reporting that they have suffered a cybersecurity breach in the last 12 months. The lack of skills has also contributed to a lack of proper response planning and almost half (40 percent) of senior IT pros stating that their business doesn’t have a plan in place to respond to a security breach.

RedSeal urges the UK government to create a more robust education policy that will deliver the skills needed in the future.

Dr Mike Lloyd, CTO at RedSeal and expert in the study of the spread of malware, commented on the new research: “Across the industry, we have drained the talent pool for security professionals. There’s a global shortage of about 4 million cybersecurity pros, up from just over 3 million last year**.  The UK’s education system can help, but not quickly – professionals agree that it takes about 10 years of real-world experience to develop the skills needed to combat today’s threats, so we’re facing a sustained drought for talent. Automation can help but cannot replace human intuition and insight. We have to build hybrid teams, combining computers for all the drudge work so that the few human analysts can focus on the security tasks that matter.”

Professor Peter Komisarczuk, Head of Department Information Security at Royal Holloway University of London, commented: “Further and higher education in cybersecurity needs continuing support in order to keep pace with the ever changing threat landscape that UK business is facing right now. There is a shortage of professionals with cyber security skills in the UK which means that engaging young people and mid-career changers in developing skills and knowledge through high level technical and computing education is more important than ever before.”

He continued: “There are significant career opportunities in cybersecurity – the average annual salary for jobs in cybersecurity is £72,500 and we are seeing our graduates getting significantly more that the average graduate salary of £23,000 on leaving with their degree. Moreover, the potential to contribute to economic growth is huge, as well as support UK business against a very real cyber threat.”

He finished: “There are some great schemes encouraging younger people to pursue a career in Information Security such as CyberFirst which provides excellent opportunities for 11-17 year olds to develop skills and knowledge as well as a bursary scheme for undergraduate students.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.

**According to the latest annual workforce study by (ISC)²

RedSeal Expands Hybrid Network Modeling Capabilities to Include Google Cloud Platform

Organizations can see access and prioritize vulnerabilities across network environments

SAN JOSE, Calif. — Nov. 5, 2019 — Today RedSeal added support for Google Cloud Platform to expand customers’ continuous network understanding across their entire infrastructure and cyber terrain.

With the addition of Google Cloud Platform, RedSeal consolidates network data from the most prevalent public and private cloud offerings including Amazon Web Services, Microsoft Azure, VMware NSX, Cisco ACI, as well as physical networks.

RedSeal is the only solution that automates fundamental cybersecurity activities, including evaluating devices to see if they’re securely configured, making sure there are no unintended access paths to critical data, monitoring network changes, and keeping a network compliant with relevant policies and regulations. Considered a force multiplier for existing security products, RedSeal increases confidence that there are no unintended openings in a network.

“Security teams, CISOs and CIOs struggle to understand their complex and dynamic network environments,” said Kurt Van Etten, chief product officer at RedSeal. “RedSeal gives them the visibility and understanding they need.”

RedSeal’s cyber risk modeling platform brings complex hybrid multi-cloud, software-defined networks and on-premise environments into one, unified model. With the unprecedented visibility RedSeal provides, teams can:

  • Quickly visualize network risk, including all possible access across and within their entire network – whether intended or not. When a workload in the cloud is compromised, teams can determine if physical or SDN assets are also at risk.
  • Discover unknown or unmanaged assets.
  • Ensure the right controls are in place and the network remains in compliance with policies and regulations.
  • Accelerate investigation of incidents and vulnerabilities and prioritize them based on risk to each network.
  • Minimize impact of an attack, and keep valuable assets and operations running in the face of cyberattacks.

RedSeal also delivers the Digital Resilience Score, a metric indicating a networks’ ability to respond to and rebound from incidents. The score measures how networks are actually set up, taking into account unmapped areas, how accessible vulnerabilities are – and where a compromised system could reach.

This network understanding is the foundation of network resilience, improving network and security operations, vulnerability management, incident response, risk and compliance, and M&A functions.

RedSeal Appoints Greg Straughn as Chief Financial Officer

SAN JOSE, Calif. — Oct. 8, 2019 — RedSeal today announced the appointment of Greg Straughn as its chief financial officer (CFO). Following Symphony Technology Group’s equity investment in RedSeal earlier this year, Straughn will help drive RedSeal’s rapid growth as organizations increasingly prioritize digital resilience as the objective for their cybersecurity strategy.

RedSeal’s cyber risk modeling and scoring platform is already trusted by hundreds of Global 2000 corporations, mission-critical government agencies, power grid companies and the world’s leading financial institutions. With Straughn at its financial helm, RedSeal will strengthen its position in the market, as well as expand and pursue new growth opportunities.

“This is an important and strategic hire for RedSeal, as Greg has a proven track record of helping companies drive growth,” said Ray Rothrock, chairman and CEO at RedSeal. “His wealth of knowledge and extensive experience will play a critical role as we expand our market presence and help more organizations become resilient in this era of increased cyber threats.”

While CFO of A10 Networks (NYSE: ATEN), a leader in application networking and security solutions, Straughn navigated the company through and beyond its $187 million IPO. His strategic financial and growth plans helped increase the company’s quarterly revenue by more than 260 percent, from approximately $18 million to $65 million over 5 years. Additionally, he held CFO positions at Kabira Technologies and AT&T/Pacific Bell Internet Services.

Straughn also served as a principal at Meridian Business Systems, a consulting firm at the intersection of finance and strategy, where he assisted large and small organizations in growth planning, business plan development, fundraising and IPO planning.

Having earned 11 new awards in the last nine months RedSeal is considered a force multiplier for every security product on the network. By ensuring that network fundamentals are correct, providing a network risk assessment, and evaluating compliance with regulations and policies, RedSeal gives organizations a holistic understanding of their networks. Its Digital Resilience Score measures a network’s resilience and the effectiveness of existing cybersecurity investments in protecting business operations and value.

RedSeal Recognized by Multiple Industry Publications for Growth Potential, Cyber Risk Modeling and Thought Leadership

CEO Ray Rothrock awarded SC Media Reboot Leadership Award

SAN JOSE, Calif. — RedSeal (www.redseal.net) today announced that it has received three new awards recognizing its executive leadership, cyber risk modeling platform capabilities and the company’s overall growth potential.

The following organizations have honored RedSeal in this latest round of award of wins:

  • SC Media named RedSeal Chairman and CEO Ray Rothrock a winner in the Thought Leader category of the SC Reboot Leadership Awards. Rothrock was selected for his efforts to drive resilience as a cyber security strategy and further improve the level of security across both public and private enterprises. Celebrated as a team player – who is both a strategic thinker and a doer – Rothrock’s work to create solutions, establish standards, and initiate best practices has greatly contributed to the cybersecurity industry as a whole.
  • Cyber Defense Magazine’s Black Unicorn Award, whose judges included Robert Herjavec of Shark Tank and Dave DeWalt founder of NightDragon Security, selected RedSeal as a candidate with the potential to reach a $1 billion market value. Criteria to become a Black Unicorn includes a proven, dedicated and passionate leadership team, combined with an in-demand, innovative cyber security solution, and harmonious execution.
  • Security Today’s New Product of the Year Award chose RedSeal’s cyber risk modeling platform as the best Risk Management Software for its outstanding platform development achievements. The award recognized RedSeal as the only U.S. government certified platform that can create a network model across complex hybrid data centers –including cloud, SDN and on-premise environments.

“It has been a terrific year for RedSeal, marked by the equity investment from Symphony Technology Group (STG) in April to further accelerate our growth,” said Julie Parrish, COO and CMO at RedSeal. “We have received eleven awards this year – recognizing our platform, leadership team and endorsing our opportunity. I am delighted to see that in addition to our product awards, CEO and Chairman Ray Rothrock has been acknowledged for his thought-leadership efforts.”

CEOs Use of Smart Devices Increase Risk of Cyberattack

  • New research finds CEOs are disengaged from cybersecurity policies — 30% are unaware of the volume of attacks on their business and 54% don’t adhere to security teams’ ‘out of office’ security protocol
  • Smart technology puts sensitive information at risk, as CEOs become a major target for hackers and cybercriminals  

SAN JOSE, Calif. – RedSeal, the leader in network cyber risk modeling for hybrid environments, released the results of research that found the lack of CEO-specific security plans, their failure to comply with plans in place and the growing prevalence of unsecure smart devices mean CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks.

The RedSeal research*, which polled senior IT teams up to CIO level, unearthed a number of gaps in cybersecurity protocols and awareness in the C-Suite. Although the research demonstrated that many senior IT professionals have tried to implement CEO-specific cybersecurity plans, more than half (54%) believe their CEO exposes their organization to potential compromise by not following procedure. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

The proliferation of smart devices is a danger to business

With data showing one in five smart devices** have been breached or compromised, along with senior executives who don’t follow cybersecurity measures outside the office, there’s significant risk, or opportunity.

“C-suite executives are ideal targets. They have broad access to their organizations’ network resources yet frequently see themselves as exempt from the inconvenient rules applied to others,” said Dr. Mike Lloyd, CTO of RedSeal. “Combine this with the security lapses prevalent while traveling and in the home, and you have a great opportunity to exploit for commercial or national advantage.”

The risk of cyberattacks is high and business leaders know it. According to the recent Cyber Risk Index (CRI) survey by the Ponemon Institute, “80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year.” It also highlighted a critical gap between data risk and the protection measures businesses have in place noting, “…the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern.”

There is global confusion as to how many cyberattacks businesses have experienced in the last 12 months. For example, the UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas RedSeal’s research reports 81% of senior IT professionals in the UK admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organization.

The research also revealed that 42% of companies don’t have a cyber-response plan in place to inform customers of a security breach, and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. The concept of a perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place from June 19 – 27, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

** Atomik Research conducted an online survey on behalf of RedSeal among 2,004 UK consumers aged 18+ between June 19 – 25, 2019. To read a summary, please click here.

CEOs’ Lack of Cyber Awareness Is Exposing UK Business To Major Risk

London, UK – Tuesday 16th July 2019 – The lack of CEO-specific security plans, failure to comply with plans in place and the growing number of unsecure smart devices in the home and places of travel (such as hotels) means that CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks, a new piece of research has revealed today.

The latest survey*, conducted by RedSeal amongst senior IT teams up to CIO level within UK businesses, unearthed a number of gaps in cybersecurity protocols and awareness amongst a CEO audience. Although the research demonstrated that many senior IT professionals have aimed to put CEO-specific cybersecurity plans in place, over half (54%) don’t believe that their CEO follows procedure and are exposing their organisation to potential compromise. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

  • New research reveals that CEOs are disengaged from cybersecurity challenges and are unaware of many of the attacks on their business
  • Many CEOs still aren’t adhering to ‘out of office’ security measures put in place by their security teams
  • Smart technology is putting sensitive company information at risk, as CEOs become a major target for hackers and cybercriminals

The proliferation of smart devices is a danger to UK business

With the ever-changing digital working habits and behaviours of CEOs made possible by innovative mobile and smart technology the research found that cybersecurity measures aren’t being followed outside the traditional workplace — an enormous potential security oversight given 1 in 5 smart devices in the home** have been breached or compromised.

“Smart devices are important because they are new, unproven, and not built with security as a primary goal” said Dr. Mike Lloyd, CTO of RedSeal. “Smart devices compete on convenience and price. Security is usually an after-thought, if it’s addressed at all. Some popular smart devices, like smart speakers, compromise privacy even when working as intended — which is scary when you think about the opportunity this presents to people who want to spy on CEOs for commercial or national advantage. CEOs have wide access to their organisation’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets.”

UK business is also under attack but are we trying to hide it?

There is industry-wide confusion as to how many attacks there have been on UK business in the last 12 months. The UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas this most recent research from RedSeal is showing that, in fact, 81% of senior IT professionals admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organisation.

The research also revealed that 42% of UK companies don’t have a cyber-response plan in place to inform customers of a security breach and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defence is illusory; in a complex and interdependent world, some attacks are bound to succeed.  Organisations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

ENDS

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

**A second online survey was conducted by Atomik Research among 2,004 UK consumers aged 18+. The research fieldwork took place on 19th-25th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.