Intelligent CISO Issue 32 | Page 35

We used to see US$100 to US$800 for ransoms, now we’re seeing ransoms in the millions.

it again. It really should be a living document that is conducive to a security programme that you’re constantly revisiting, updating and continuing to strengthen all the time.”

PREDICTIVE INTELLIGENCE


Key priorities for CISOs and CIOs in 2021 to get on top of malware
A key priority for the year ahead is for executives to have a solid understanding of exactly what is coming in and out of their environment.
“We talk about information security and that really is about protecting information. When information is in transit, that’s when the security problems begin, so understanding what’s coming in and what’s coming out is crucial,” DeGrippo said.
“Email continues to be the number one threat vector so understanding what is coming in and understanding what is coming in to whom.
“Who are these people that are receiving these threats? Why are they attractive to the threat actors? I’m really focused, especially as we go into the next year, on thinking not about threat modelling, but threat inventory and the threats that are actually coming in.
“It really shouldn’t be a theoretical practice anymore; we really should be able to understand from a people-centric lens each person in our organisation and what threats they’re actually facing each day.”
That then enables the CIO to make informed decisions about who to protect, where and with what.
“I think that there absolutely are vertical targeted threats, there are regionally targeted threats and we see those tailored to the financial institutions that are used in a specific region or specific government alerts,” DeGrippo added. “I think it’s really important to make sure that the people that are potential targets in your organisation understand the realities of what to click on and what not to click on.”
She added that researchers had seen the threat landscape align and focus itself around business hours, business days and business processes.
“It’s understanding that the more you’re sitting at that desk, the more you actually are at risk. It really does go down on weekends and holidays. So having a good understanding that the threat landscape is more active on the days that people are more active at work, and being conscious of that, to avoid potential social engineering threats.”