E R T N
P
X
E INIO
OP
easier to breach their defences. In a
similar vein, larger companies in lean
IT verticals like manufacturing and
construction may have the scale but are
not as likely to have a comprehensive
cybersecurity apparatus in place.
Criminals also realise that targeting
a large, well-protected organisation
doesn’t only mean that their efforts are
likely to be wasted because security
is more advanced, but if a threat is
stopped, the security team could very
well publicise the threat, making the
criminals’ tool sets worthless. That’s
not to say that enterprises are off the
hook. Organisations with advanced IT
infrastructure are increasingly becoming
targets for state actors.
At the tactical level, existing attack
methods, such as phishing, will be made
even more effective thanks to improved
social engineering and better data
correlation. Flawless phishes are likely to
give business owners sleepless nights,
intensifying the need for awareness
training to fix gaps in the human firewall.
admit they completely trust that the
emails being sent to their devices are
safe from any type of threats.
In an age where one wrong click from
a single employee can compromise a
company’s entire infrastructure, these are
rather alarming numbers. Furthermore,
nearly 60% of employees either aren’t
aware of their companies having a formal
policy on their personal web use at work,
or there isn’t one in place at all.
From these findings, it’s clear that
respondents don’t take security
seriously and they see it as a
problem that is the concern of their
IT department only. It’s likely that this
is because of lack of training and
awareness within the organisation.
There needs to be a mindset change
and the only way to address this issue
is to conduct regular training that is
entertaining and informative.
www.intelligentciso.com
|
Issue 13
The problem is that most awareness
training programmes don’t work.
Employees need compelling reasons to
care about security and become more
resilient against preventable threats.
Creative cyber education breaks through
the passive resistance most employees
have when it comes to training.
What are the most significant
cybersecurity threats enterprises
should be aware of in the next
12 months?
In 2019, attackers are likely to shift their
attention away from large enterprises
that can afford and are starting to
implement comprehensive cybersecurity,
to smaller businesses and industries
with historically lean IT.
The small business sector is attractive
for their IP, cash flow and relatively
limited security maturity, making it
How important is the sharing of
threat intelligence?
Making use of threat intelligence and
collaborating with other players in
the security space will ensure the
industry is constantly identifying new
risks, learning from them and applying
the relevant defences to protect
organisations in the future.
Encouragingly, the new study by
Mimecast and Vanson Bourne found that
69% of UAE respondents felt that threat
intelligence was extremely important for
their organisation.
Unfortunately, 26% of organisations
said that their email security system
can’t currently provide threat
intelligence data to their security teams.
Considering the risks we have outlined
regarding email security, it’s concerning
that a quarter of organisations currently
have a gap here. u
43