Intelligent CISO Issue 13 | Page 41

E R T N P X E INIO OP How CISOs can protect against email threats The cost of inadequate email security can be enormous both in terms of financial damage and reputation. Intelligent CISO asked Jeff Ogden, General Manager – Middle East, Mimecast, how CISOs can protect their organisations from email threats. H How much of a risk do email based attacks pose to enterprises? More than 90% of hacking attacks today begin with some kind of email phishing attack or spear-phishing threat, and yet email security is still not being made a priority by organisations. In new research by Mimecast and Vanson Bourne, 39% of UAE organisations say it is likely that they will suffer a negative business impact from an email-borne attack in 2019. If email security isn’t made a priority, organisations run the risk of losing data, money, customers and reputation. The cost of email security threats on an organisation can be enormous. Aside from the fines and legal actions that result when sensitive customer information or financial data is breached, email security threats can cost millions of dollars in reduced customer www.intelligentciso.com | Issue 13 Jeff Ogden, General Manager – Middle East, Mimecast confidence, damage to reputation and, ultimately, loss of business. In fact, Vanson Bourne’s research indicated that 77% of all surveyed UAE organisations had suffered some kind of loss because of an email-based impersonation attack in the last 12 months. responsible work force and security culture, to bolster your defence by creating a ‘human firewall’. According to a report from Gartner, the security awareness computer-based training market will grow to more than US$1.1 billion by year-end 2020. Why is cyber-awareness so important for businesses? According to research Mimecast conducted with Vanson Bourne, 95% of UAE organisations have seen phishing attacks in the last 12 months, yet only 32% responded that they train employees on an ongoing basis on how to spot cyberattacks. The human is the weakest link and until the employee can identify simple threats like phishing and more advanced ones like impersonation fraud and spear phishing, an organisation remains vulnerable. Despite the most advanced protections that can be put in place and despite the best threat intelligence available, organisations remain vulnerable because of their employees’ basic lack of security awareness. However, it is possible to raise awareness, to create an engaged and The vast majority of cybersecurity incidents are a result of simple mistakes made by employees who have the best of intentions and these casual mistakes can cost organisations money, their reputation – and employees, potentially their job. As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential 41