EXPERT
OPINION
Email
protection: A
people-centric
approach
Email remains the top initial threat vector of choice
for most malicious actors which means it’s crucial that
organisations pay close attention to keeping their email
gateways secure. Emile Abou Saleh, Regional Leader –
Middle East, Turkey & Africa, Proofpoint, tells us about
the importance of human behaviour in preventing these
types of attacks and offers advice to CISOs looking to
strengthen their email security strategies.
wWhat is the current cyberthreat
landscape in the UAE?
The cyberthreat landscape in the United
Arab Emirates (UAE) is rapidly evolving,
with cybercriminals increasingly targeting
people rather than infrastructure. In fact,
Proofpoint’s recent survey of CISOs and
CSOs in the region revealed that 82% of
UAE organisations suffered at least one
cyberattack in 2019. Over half (51%)
reported multiple incidents and almost a
third (31%) experienced one.
From email-based threats, such as
Business Email Compromise attacks
(BEC), to compromising cloud accounts
and debilitating ransomware attacks,
cybercriminals are aware that employees
can easily be tricked. Using social
engineering attacks, cybercriminals
can steal credentials, siphon sensitive
data and fraudulently transfer funds.
Employees across all job levels and
functions can put your business at risk
in numerous ways, from using weak
passwords and sharing credentials
to clicking on malicious links and
downloading unauthorised applications.
To address this, organisations must
consider how often they are being
targeted, the risks these attacks pose
and how prepared they – and, more
importantly, their workforce – are.
Employee education and security
awareness is often the difference
between an attempted cyberattack and a
successful one.
How much of a target are emails
and why, and what threats are
introduced via email?
Email is and will remain the initial threat
vector of choice for most actors.
Emile Abou Saleh, Regional
Leader – Middle East,
Turkey & Africa
Email-based threats are among
the oldest, most pervasive and
widespread cybersecurity threats hitting
organisations worldwide. From massive
malware campaigns targeting millions
of recipients with banking Trojans to
carefully crafted email fraud, the email
threat landscape is extremely diverse,
creating a wide range of opportunities
for threat actors to attack organisations.
More importantly, email allows threat
actors to attack individuals within
an organisation, a far more lucrative
and effective approach than targeting
infrastructure. These threats must
continuously grow in sophistication as
humans become better at detecting
them over time.
Credentials are often phished via
email – a method of attack that
remains alarmingly effective.
www.intelligentciso.com | Issue 29
41