Intelligent CISO Issue 07 | Page 79

decrypting myths and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’ first line of defence, rather than the weakest link in the security chain. Ongoing training and education programmes are essential, such as role-specific training to users that are targeted based on their privileges or access to data. 5. Share information to break the silence associated with cybercrime Verizon has always prided itself on sharing information on cybercrime and threat patterns; this is one of the key factors behind the publication of our annual DBIR. We believe that only by sharing cybercrime information can companies and governments effectively combat cyberthreats. This year, DBIR data gathered from around the world was made accessible to information security practitioners in order to get them to understand the evolving threats they face. The Verizon DBIR Interactive tool, an online portal, enables organisations around the globe to explore the most common DBIR incident patterns from the report. represent 98% of social incidents and 93% of all breaches investigated in the 2018 DBIR – with email continuing to be the main entry point (96% of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities. Ali Neil – Director of International Security Solutions at Verizon 4. Educate employees so they know of the ongoing dangers Employees are still falling victim to social attacks. Financial pretexting and phishing www.intelligentciso.com | Issue 07 More importantly, we have seen pretexting incidents increasing over five-fold since the 2017 DBIR, with 170 incidents analysed this year (compared to just 61 incidents in the 2017 DBIR). Eighty-eight of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns. This clearly demonstrates the need to continue to invest in employee education about cybercrime It is our intention that this sharing of information continues, now and in the future. We hope that companies will continue to proactively share information on breaches as time progresses. Barriers are already lowering, as businesses discover that there is more to be learned from sharing than from sitting in silence. These are just initial steps towards developing a security strategy that is based on actionable data insights and intelligent security solutions. Continuing to evolve security according to today’s threat landscape is critical. The security landscape will continue to evolve and we all need to work together if we’re going to be able to keep one step ahead of the cybercriminal. u 79