Intelligent CISO Issue 13 | Page 76

scams where a bank’s internal systems and ATMs are breached. Fortunately, this has not happened in Bahrain yet, which makes it essential for us to be alert and focus on early prevention. attack, organisations should always expect that many attacks will reach their staff, and the only real defence towards this is to train and educate staff to be more vigilant. How can you help them overcome these threats? Why is it better to prevent attacks in their infancy and what is the best way of doing this? Conducting awareness sessions and regularly updating your employees on the latest attack techniques and threats will help reduce the risk of malware or compromised data. At CTM360, we believe that a pre-emptive approach is always the best choice. This includes tackling threats in infancy and neutralising threats before they affect your systems. Currently, the cybersecurity industry focuses on Indicators of Compromise (IOC) which is not wrong. However, we do need organisations to prioritise Indicators of Warning (IOW) and Indicators of Attack (IOA). What are the most worrying security threats in the region? To properly tackle cyberthreats, it is essential that we give sufficient attention to all stages of the Cyber Kill Chain rather than focusing on one segment alone. Another example that is also worrisome is when a widespread breach happens which causes one or more organisations to block their systems temporarily. Though reversible, it is still destructive. Another way to help is to ensure that all organisations have DMARC appropriately configured on their domains. DMARC stands for Domain-based Message Authentication, Reporting and Conformance and is fast becoming a global standard. The effectiveness of this standard has also inspired the origination of DMARC360, another one of my technology start-ups, with a mission to ensure all organisations are DMARC compliant. Through DMARC360, organisations are able to implement digital signatures on their domains to avoid common email threats, including impersonations (BEC), spoof emails and scams that damage an organisation’s brand reputation. What is the best way for companies to protect themselves from phishing? This has to be addressed in two parts. Firstly, through technology to ensure organisations block all known ‘phish’ URLs. Secondly, since cybercriminals are continually finding new ways to 76 The most worrying threat is when an organisation’s system gets compromised and can no longer be used (i.e Shamoon attack). This is one of the most disruptive types of attacks because it can hold the system down and the user has no control whatsoever. What advice would you give to CISOs, so they deliver an effective multi-layered approach to security? The best advice is to identify and fill gaps through a multi-layered approach. More often than not, security teams focus more on one layer and neglect the rest. The problem is sometimes, a particular attack type arises which leaves security teams to focus on one layer and completely lose sight of all other segments. It is best to ensure that security is practiced in a balanced manner to have full visibility and sufficient attention to all layers of security. To do this, it is crucial that IT security, information security and cybersecurity teams collaborate and tackle threats together. Finally, put a stress on training and educating all levels of staff on being more vigilant when it comes to cybersecurity, this should include board members and executives as they are highly targeted individuals. u Issue 13 |