FEATURE
www.intelligentciso.com | Issue 07
sure it is part of regular cybersecurity awareness and training programmes. They should also stress that if a user receives an unusual email message that is requesting them to divulge sensitive information or make ‘urgent payments’, it is always best to check with the IT or InfoSec team first.
Ensuring cyber-resilience
Jeff Ogden, General Manager, Mimecast ME
Email is the number one business communication tool used by organisations. It’s also the number one vector for cyberthreats. So it’s vital that every organisation has an effective strategy that covers all aspects of email security. Email attacks take on a variety of forms, from malware and phishing scams to more targeted threats like spear-phishing and impersonation attacks, each requiring its own security measures. So how do you protect your organisation against a multitude of growing cybersecurity threats?
Here are a few simple rules to make sure you are prepared for every stage of a cyberattack, ensuring you have proper cyber-resilience:
1. Employee training is your first line of defence. The vast majority of cybersecurity incidents are a result of simple mistakes made by employees who have the best of intentions. Employees have long been the weak link in cybersecurity so it’s important to find creative methods to encourage them to care enough to improve, and then do what’s right when it matters. Security is everybody’s responsibility and an effective awareness and training programme for staff is therefore essential. One-off or annual training isn’t enough to build a powerful human firewall. You need to find methods to educate employees in real time through coachable moments and learning opportunities.
2. A multi-layered security approach is key. One of the best ways to keep businesses secure is through the layering of security. Most organisations tend to focus their security attention on the network and the endpoint but not enough on their email security systems. Traditional security controls, such as spam and virus protection, are necessary but no longer sufficient given today’s email-borne threats. If email isn’t part of an organisation’s core security strategy, it can become a major vulnerability. It’s used to execute cyberattacks like malware delivery, phishing, Business Email Compromise and for spreading threats that are already internal to your organisation. Organisations need to move and adapt quickly to stay ahead of the latest attacks. So, in addition to assessing and deploying leading technologies, organisations need to invest in third-party threat intelligence, conduct ongoing threat analysis and automate remediation services.
3. Ensure business as usual. Staying ahead of new email attack trends is critical but it’s equally important to be prepared for the days when something does get through. Ransomware is fast becoming the most common and damaging form of cyberattack. An always-available archive allows you to recover your data should disaster strike. What’s more, downtime could cost you productivity and potentially customers and revenue. It’s important to be able to quickly and seamlessly switch to a continuity solution that allows you to keep email flowing in the event of an outage.
The bottom line is that a defence-only security strategy alone is not designed to protect against the level and volume of advanced attacks. Failing to make security awareness a priority, continuing to invest in disparate technologies and focusing on a defence-only security strategy will lead to consequences like intellectual property loss, unplanned downtime, decreased productivity and increased vulnerabilities. All organisations need to embrace cyber-resilience for email.