EXPERT OPINION
to educate your employees in a way that changes behaviour. Your employees are your last line of defence.
What is the best way for businesses to be protected from email-based attacks?
Cyberattacks are evolving so quickly and have become so sophisticated that, no matter how advanced your security system is, there’s no guarantee that a new attack method won’t make its way into your organisation. The entire IT infrastructure needs to be protected with effective and layered security solutions. And with email being the number-one vector used to execute cyberattacks like malware delivery, phishing, Business Email Compromise, and for spreading threats that are already internal to an organisation, protecting this vital business application is non-negotiable. A defence-only approach is no longer sufficient, and organisations need to adopt cyber-resilience. This includes having:
• An understanding of emerging threats and how companies are remediating
• The right security services in place before an attack happens – focused on prevention as well as those focused on adapting after an attack happens
• A well-trained, cyber-aware workforce
• A durability plan to keep email – and business operations dependent on email – running during an attack or failure
• The ability to recover data and other corporate IP after an incident or attack occurs
How does cybersecurity awareness training create a strong cybersecurity culture?
One of the key elements of cyber-resilience is having a well-trained, cyber-aware workforce. The ability to adapt to continually evolving and escalating cyberthreats is critical, but cybersecurity needs to be a shared responsibility across the organisation. Human error is involved in over 90% of today’s cybersecurity breaches. Sometimes it’s carelessness, sometimes it’s maliciousness and sometimes it’s things going wrong with the best intentions. No matter what, users need robust, comprehensive awareness training around cybersecurity.
By having a strong awareness training programme, you extend your team and prevent incidents from happening when technology and processes fail. Employees are also always coming and going, and the only way to keep cybersecurity awareness alive is to provide continuous training, so cybersecurity is top of mind. Without that regular training, your culture will suffer, and people will then assume everything is fine with no reinforcement of vigilance.
What is the best method to educate employees about cybersecurity?
Persistent, short bursts of training that are tightly focused on a big idea in corporate cybersecurity are the best approach. Security training typically fails because it doesn’t reflect how people work and learn today. It’s delivered too infrequently; it’s long, dry and boring; and employees often feel targeted rather than supported. When training is unengaging and unenjoyable, people don’t learn. If they are not armed with the knowledge of what to look out for and what to do when the situation arises, they will make mistakes.
Organisations should consider a solution like Mimecast Awareness Training. The programme uses a continuous, virtuous cycle that changes behaviour and lowers risk. The foundation of the platform is engagement through humour, which is the key to improving awareness and knowledge. Only by getting employees to understand both what’s at stake and what to do about it can you change their attitudes and drive a lasting, positive shift in security culture. The awareness training should be easy, short and supported by the leadership team. This should come with regular KPIs on participation rates and effectiveness, with testing of click-through rates.
Are the employees of enterprises complacent when it comes to email security?
Mimecast recently surveyed more than 1,000 people who use company-issued devices (i.e. mobile phones, desktop computers or laptops) in the workplace. This allowed us to get a better sense of their behaviour. Feedback from the survey would suggest that, yes, they are complacent.
The report found that nearly one-in-four employees aren’t aware of the most common threats plaguing today’s organisations, such as phishing attacks, impersonation attempts and ransomware. Additionally, 15% of respondents said they could either be more cautious or
Issue 13 | www.intelligentciso.com