Intelligent CISO Issue 35 | Page 37

FEATURE
During the first half of 2020, the FortiGuard Labs team found that evolving work environments and a greater reliance on personal devices presented new opportunities for cybercriminals to exploit enterprise networks. One method that threat actors have heavily relied on as of late is the creation of legitimate-looking phishing emails that can be used to tailor and launch attacks with ease. While this is not a new tactic by any means, these types of social engineering attacks have only grown more sophisticated and damaging as employees continue to work remotely and remain isolated from their teams.
The need to mitigate insider threat risk
Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data they hold. Considering that 68% of organisations feel moderate to extremely vulnerable to insider attacks, as noted in a recent study, it’s clear just how significant this issue is. In addition to those that are considered malicious insiders, these threats can also be attributed to the group known as the ‘accidental insiders’. According to this same study, security teams view falling victim to phishing attacks (38%) as the top cause for accidental insider threats, followed by spear phishing (21%), poor passwords (16%) and browsing of suspicious websites (7%). In other words, opening the door for cybercriminals can be as simple as clicking on a link or downloading a file without taking the time to determine whether or not it is legitimate.
Careless and negligent behaviours can have a lasting effect on organisations, especially in the case of a data breach. And with more employees working from home, unable to walk over to a co-worker’s desk to get their thoughts on a suspicious-looking email, these individuals are more likely to be susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritise their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure and reducing the insider threat risk.
Renee Tarun, Deputy CISO / Vice President Information Security, Fortinet
Creating a human firewall through a culture of security
Considering employees can be the best line of defence, it is crucial that CISOs protect their organisations by including employee education and awareness in their cybersecurity strategy. By embracing this technique, leaders can ensure the workforce is prepared to face the various threats.
Regardless of job titles or roles, all employees should understand the repercussions of a security event and how it could affect the organisation and them personally. The importance of this enterprise-wide strategic approach was highlighted in a 2019 Forbes Insights survey of over 200 CISOs. When asked which security initiatives they plan to prioritise in terms of funding over the next