Intelligent CIO Africa Issue 47 | Page 29

EMAD HAFFAR, HEAD, TECHNICAL EXPERTS, KASPERSKY

EDITOR’S QUESTION

Cybercriminals have noticed that with people spending more time on the Internet, whether working from home or shopping online, there is increased opportunity to exploit Internet users. Internet users who are not aware of the threat of phishing attacks will not be able to easily distinguish a legitimate website from a phishing website – something even experts sometimes struggle with. A security breach in an organisation caused by phishing attacks can have major repercussions.

In many cases, CIOs have the responsibility of protecting their business against cyberthreats. CIOs often have to get that task completed with a low or even challenging budget. This puts the business at additional risk, as under-secured IT infrastructure can be more dangerous than unsecured systems as it might give a false sense of security.
The increasing number of cyberattacks, coupled with an increase in the number of organisations undergoing a Digital Transformation, puts CIOs at the forefront of making fundamental decisions that will help keep the business protected and achieve business continuity.
Add to that the need to have a comprehensive understanding of the threat landscape, which will be reflected in their ability to prioritise the different stages of their cybersecurity strategy implementation.
CIOs have to avoid a narrow, technology-centric point of view. They need to keep in mind that a cybersecurity budget needs to cover much more than just the cost of technology. They also need to take into account the needs and projected requirements of all departments. This will help them justify their security budgets, as their decision will pertain not only to the benefits of a stronger security posture for the company but also to one that extends across all departments and business operations.
Another common CIO pitfall is the difficulty in aligning their security budget with business goals. A boardroom’s most fundamental objective is to ensure there is a return on their investment (ROI) and showcasing the monetary value of an avoided threat can be a challenge.
Given the latest advancements in digitisation, data sensitivity and privacy concerns, businesses are in need of technical specialists, IT and security managers, CISOs and people with cross-functional expertise. In a security career, as is true in most roles today, a product- or technology-centric expertise is not enough – the breadth of expertise required calls for a broader view. As a career in security is as much about predicting a future weakness as it is securing today’s environment, a security professional needs to have a keen understanding of their employers’ sector and trends, emerging threats, the ability to foster a collaborative view of security from across departments and be able to justify investments often without direct cost-benefit statistics.
Organisations are exposed to new forms of cybersecurity risks, which take advantage of employees as they work remotely. To ensure businesses do all they can to keep their employees and corporate data safe, Kaspersky recommends employers follow these measures:
• Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, email security and endpoint security. Kaspersky and Area9 Lyceum have prepared a free module to help empower staff as they work safely from home.
• Ensure devices, software, applications and services are kept updated with the latest patches.
• Install proven protection software on all endpoints, including mobile devices, and switch on firewalls. Any solution used should include protection from web threats and email phishing. Ideally, the solution should enable functions such as allowing data to be wiped from laptops and mobile devices that are reported lost or stolen, segregating personal and work data, along with restricting apps that can be installed.