Intelligent CISO Issue 07 | Page 39

sure it is part of regular cybersecurity awareness and training programmes. They should also stress that if a user receives an unusual email message that is requesting them to divulge sensitive information or make ‘urgent payments’, it is always best to check with the IT or InfoSec team first.

Ensuring cyber-resilience

Jeff Ogden, General Manager, Mimecast ME

Email is the number one business communication tool used by organisations. It’s also the number one vector for cyberthreats. So it’s vital that every organisation has an effective strategy that covers all aspects of email security. Email attacks take on a variety of forms, from malware and phishing scams to more targeted threats like spear-phishing and impersonation attacks, each requiring its own security measures.

So how do you protect your organisation against a multitude of growing cybersecurity threats? Here are a few simple rules to make sure you are prepared for every stage of a cyberattack, ensuring you have proper cyber-resilience:

1. Employee training is your first line of defence. The vast majority of cybersecurity incidents are a result of simple mistakes made by employees who have the best of intentions. Employees have long been the weak link in cybersecurity so it’s important to find creative methods to encourage them to care enough to improve, and then do what’s right when it matters. Security is everybody’s responsibility and an effective awareness and training programme for staff is therefore essential. One-off or annual training isn’t enough to build a powerful human firewall. You need to find methods to educate employees in real-time through coachable moments and learning opportunities.

2. A multi-layered security approach is key. One of the best ways to keep businesses secure is through the layering of security. Most organisations tend to focus their security attention on the network and the endpoint but not enough on their email security systems. Traditional security controls, such as spam and virus protection, are necessary but no longer sufficient given today’s email-borne threats. If email isn’t part of an organisation’s core security strategy, it can become a major vulnerability. It’s used to execute cyberattacks like malware delivery, phishing, Business Email Compromise and for spreading threats that are already internal to your organisation. Organisations need to move and adapt quickly to stay ahead of the latest attacks. So, in addition to assessing and deploying leading technologies, organisations need to invest in third-party threat intelligence, conduct ongoing threat analysis and automate remediation services.

3. Ensure business as usual. Staying ahead of new email attack trends is critical but it’s equally important to be prepared for the days when something does get through. Ransomware is fast becoming the most common and damaging form of cyberattack. An always-available archive allows you to recover your data should disaster strike. What’s more, downtime could cost you productivity and potentially customers and revenue. It’s important to be able to quickly and seamlessly switch to a continuity solution that allows you to keep email flowing in the event of an outage.

The bottom line is that a defence-only security strategy alone is not designed to protect against the level and volume of advanced attacks. Failing to make security awareness a priority, continuing to invest in disparate technologies and focusing on a defence-only security strategy will lead to consequences like intellectual property loss, unplanned downtime, decreased productivity and increased vulnerabilities. All organisations need to embrace cyber-resilience for email.