Why are mid-market CEOs so often the victims of hackers?

Mid-market CEOs are increasingly becoming victims of hackers, often not because of weak systems, but because of leadership resistance to basic security protocols.

We usually imagine a hacking victim as someone careless or naïve, or perhaps an older person uncomfortable with technology.

But mid-market CEOs, some of the smartest and most capable people we know, fall prey to cyber crime often enough that it is no longer unusual.

The video explains how this happened to one CEO – and how we helped them dig out of it.

The Resistance to Security 

  • Special Treatment: A CEO pushed back against implementing Two-Factor Authentication (2FA) for themselves, believing that as a co-owner and leader, the rule shouldn’t apply to them [00:20]. 
  • Password Negligence: The CEO also refused to participate in regular password changes (every 30 days) to avoid the “burden” of remembering new ones [00:32]. 
  • Credential Sharing: Unbeknownst to the IT team, the CEO used the same password for their business account as they did for personal online shopping [00:46]. 

The Breach 

  • The “In”: An online shopping site the CEO used was attacked, and their personal email and password were stolen. The hackers tried these credentials on the business account and successfully gained entry because 2FA was not enabled [01:04]. 
  • The Silent Siphon: Once inside, the hackers set up a clever rule: any email containing financial or business-related keywords was moved to a hidden RSS folder and automatically forwarded to an external email address in China [01:18]. 
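The rule described above combines three signals that can be audited for: a keyword match on financial terms, a move into a rarely viewed folder, and forwarding to an outside address. The following is an added example, not from the video or the original page, that triages exported inbox rules for that combination; the field names, folder list, domains and sample rules are all constructed assumptions rather than any mail platform's real export format.

```python
# Added example: field names and sample rules are constructed for illustration
# and do not follow any specific mail platform's export format.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domains
# Assumption: folders users rarely open; the page only names the RSS folder.
QUIET_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history"}
FINANCE_TERMS = {"invoice", "payment", "wire", "bank", "payroll", "contract"}

def external_targets(rule, internal_domains=INTERNAL_DOMAINS):
    """Return forward/redirect addresses whose domain is not one of ours."""
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return [a for a in targets
            if a.rpartition("@")[2].lower() not in internal_domains]

def assess_rule(rule):
    """Return the list of reasons this inbox rule deserves review."""
    reasons = []
    ext = external_targets(rule)
    if ext:
        reasons.append("forwards outside the organisation: " + ", ".join(ext))
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in QUIET_FOLDERS:
        reasons.append(f"moves mail to rarely viewed folder '{folder}'")
    hits = sorted(FINANCE_TERMS & {k.lower() for k in rule.get("keywords", [])})
    if hits:
        reasons.append("matches financial keywords: " + ", ".join(hits))
    return reasons

def triage(rules, min_reasons=2):
    """Map (mailbox, rule name) -> reasons for rules with enough signals."""
    flagged = {}
    for rule in rules:
        reasons = assess_rule(rule)
        if len(reasons) >= min_reasons:
            flagged[(rule["mailbox"], rule["name"])] = reasons
    return flagged

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "ceo@example.com", "name": ".", "keywords": ["Invoice", "wire", "payment"],
     "move_to_folder": "RSS Feeds", "forward_to": ["drop@mail.example.net"]},
    {"mailbox": "cfo@example.com", "name": "Newsletters", "keywords": ["newsletter"],
     "move_to_folder": "RSS Feeds", "forward_to": []},
    {"mailbox": "ops@example.com", "name": "Invoices to AP", "keywords": ["invoice"],
     "move_to_folder": "Accounts Payable", "forward_to": ["ap@example.com"]},
]

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_RULES).items():
        print(key, reasons)
```

Requiring at least two signals keeps ordinary filing rules (the newsletter and accounts-payable samples) out of the review queue while still surfacing the forwarding rule.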

Discovery and Lessons 

  • The Red Flag: The breach was only discovered when an urgent document from the CFO failed to appear in the CEO’s inbox twice, even though the system showed the transaction was “complete” [01:31]. 
  • Targeting the Top: The video concludes that senior leaders are the primary targets for “bad actors” precisely because they often have the most sensitive access but are the most likely to refuse the “extra burden” of security administration [03:15].