Intelligent CISO Issue 30 | Page 51

COVER STORY nd-user

Andrew Rose , Resident CISO for EMEA at Proofpoint
The pandemic has forced organisations and their employees to adapt to more remote ways of working and it ’ s up to CISOs to ensure this is done with security in mind to avoid being exploited by cybercriminals . Andrew Rose , Resident CISO for EMEA at Proofpoint , discusses some of the current and developing cyber-risks , and how to combat them with a people-centric security approach .
SCAN TO WATCH THE VIDEO OR CLICK HERE

WHY THE WORKING FROM HOME ECONOMY IS ACCELERATING AN OVERDUE SHIFT TO PEOPLE- CENTRIC SECURITY

cCan you give us an

overview of the current cyberthreat landscape ?
A lot of CISOs have invested heavily in technology controls , such as firewalls and intrusion detection systems , and these have been effective despite the fact they require a lot of maintenance and upgrades . This has changed the way criminals now look at organisations as technology is no longer the easiest way in .
What we ’ re seeing now is a fundamental shift of focus to social engineering – it ’ s the major attack vector these days . If an attacker can steal a legitimate user ’ s credentials , they can sail past all manner of technical controls and access the valuable data . As a result , attackers are focused on people , not technology . to be successful . It ’ s no longer a case of finding the weakness in your perimeter firewall , it ’ s about finding a staff member who will click .
What cyber-risks have been introduced – or heightened – through the mass migration to remote working ?
As many organisations have adopted a working from home model , organisations have had to consider how they can improve remote working and collaboration . So , cloud adoption has been very rapid and people aren ’ t used to the new technology , giving the criminal an opportunity to slip in attacks such as credential phishing or offer malicious applications that users may see as suspicious or unusual . We also see this in the attack models , where almost 100 % of cyberattacks require the user to intervene or act for it
Lots of people are using their home computers , rather than corporate ones , and these can lack top-tier security www . intelligentciso . com | Issue 30
51