Intelligent CISO Issue 13 | Page 43

E R T N P X E INIO OP easier to breach their defences. In a similar vein, larger companies in lean IT verticals like manufacturing and construction may have the scale but are not as likely to have a comprehensive cybersecurity apparatus in place. Criminals also realise that targeting a large, well-protected organisation doesn’t only mean that their efforts are likely to be wasted because security is more advanced, but if a threat is stopped, the security team could very well publicise the threat, making the criminals’ tool sets worthless. That’s not to say that enterprises are off the hook. Organisations with advanced IT infrastructure are increasingly becoming targets for state actors. At the tactical level, existing attack methods, such as phishing, will be made even more effective thanks to improved social engineering and better data correlation. Flawless phishes are likely to give business owners sleepless nights, intensifying the need for awareness training to fix gaps in the human firewall. admit they completely trust that the emails being sent to their devices are safe from any type of threats. In an age where one wrong click from a single employee can compromise a company’s entire infrastructure, these are rather alarming numbers. Furthermore, nearly 60% of employees either aren’t aware of their companies having a formal policy on their personal web use at work, or there isn’t one in place at all. From these findings, it’s clear that respondents don’t take security seriously and they see it as a problem that is the concern of their IT department only. It’s likely that this is because of lack of training and awareness within the organisation. There needs to be a mindset change and the only way to address this issue is to conduct regular training that is entertaining and informative. www.intelligentciso.com | Issue 13 The problem is that most awareness training programmes don’t work. Employees need compelling reasons to care about security and become more resilient against preventable threats. Creative cyber education breaks through the passive resistance most employees have when it comes to training. What are the most significant cybersecurity threats enterprises should be aware of in the next 12 months? In 2019, attackers are likely to shift their attention away from large enterprises that can afford and are starting to implement comprehensive cybersecurity, to smaller businesses and industries with historically lean IT. The small business sector is attractive for their IP, cash flow and relatively limited security maturity, making it How important is the sharing of threat intelligence? Making use of threat intelligence and collaborating with other players in the security space will ensure the industry is constantly identifying new risks, learning from them and applying the relevant defences to protect organisations in the future. Encouragingly, the new study by Mimecast and Vanson Bourne found that 69% of UAE respondents felt that threat intelligence was extremely important for their organisation. Unfortunately, 26% of organisations said that their email security system can’t currently provide threat intelligence data to their security teams. Considering the risks we have outlined regarding email security, it’s concerning that a quarter of organisations currently have a gap here. u 43