EDITOR’S QUESTION
with new and more dangerous threats emerging every day – threats
like ransomware, impersonation fraud and spear-phishing – trying to
stay one step ahead of our antagonists is a constant challenge.
In our most recent Email Security Risk Assessment (ESRA) report we
found there was an 80% increase in business email compromise
(BEC) attacks which means that targeted malware, heavily socially-
engineered impersonation attacks, and phishing threats are still
reaching employee inboxes leaving organisations at risk of a data
breach and financial loss.
Most organisations lack both sufficient security controls and end-
user education when it comes to identifying and stopping the
latest email-borne threats. By concentrating predominately on
perimeter defence and outside threats, organisations struggle with
the risk that comes from their own people, emphasising the need
for organisations to implement employee awareness and education
as well as creating a cyber-resilience strategy that includes both
technology- and human-based defences.
Security is everybody’s responsibility and an effective awareness
and training programme for staff is therefore vital. One-off or
annual training isn’t enough to build a powerful human firewall.
Our second-annual State of Email Security report revealed that only
11% of organisations continuously train employees on how to spot
cyberattacks. You need to educate employees in real-time through
coachable moments and learning opportunities.
In a cloud-first and data-rich world, the attack surface has
expanded past the traditional IT perimeter and every employee
has become the easiest route into an organisation.
Today, many organisations have not updated their traditional
security postures but now need to manage identities, mobile
devices, govern and manage ‘shadow IT’, and make sure sensitive
information is safeguarded now more than ever before. And as
cybersecurity threats have grown more sophisticated and ubiquitous,
stopping a cyberattack has become more difficult.
Cybersecurity thinking of old was mostly concerned with preventing
attacks – stopping viruses, blocking spam and rejecting malware. But
INTELLIGENTCIO
Making cybersecurity a priority should start from the top, yet
this isn’t always the case: 20% of organisations said their c-level
executive sent sensitive data in response to a phishing attack, and
49% admitted that their management and finance teams aren’t
knowledgeable enough to identify and stop an impersonation
attempt. It requires an organisation-wide effort that brings together
many stakeholders, puts the right security solutions in place and
empowers employees.
Businesses need to have a multi-layered cyber-resilience strategy that
includes advanced security solutions to protect them from targeted
threats in the form of malicious links, attachments and malicious
insiders within businesses. It is also imperative to educate employees
to recognise phishing emails and impersonation attacks – from the
c-suite to the reception desk – to be the last line of defence.