Intelligent CIO Middle East Issue 79 - Page 76

t cht lk

t cht lk

Adenike Cosgrove , Cybersecurity Strategy , International , Proofpoint
Many firms are now housing a substantial portion of their sensitive information and corporate data in the cloud . They ’ re migrating from on-premises data centres to Microsoft , Amazon and Google to ease that transition into work from anywhere . But that means our security strategy and controls need to change as we ’ re leveraging cloud services .
And the criminals recognise this shift . That ’ s why instead of hacking Microsoft , they ’ re tricking our employees into giving up those credentials to these cloud services . Why hack Microsoft , if you can just steal someone ’ s credentials and log in using their actual identity and just download the data from the cloud ? Criminals are also leveraging cloud services to host malware and this is being used to launch ransomware attacks .
Given the overall success rate and low cost of executing these email fraud attacks , we ’ re seeing UAE CISOs particularly concerned about these . Security professionals are recognising these new ways in which criminals are trying to socially engineer people – they ’ re ultimately logging in instead of hacking in .
What trends have you seen in terms of regional organisations moving to the cloud and what challenges does this present ?
The ability for employees to work from anywhere is here to stay and we ’ re seeing an increased need for organisations to enable things like virtual collaboration , cloud services and the ability for people to collaborate more effectively from anywhere , on any device , in any location .
Many organisations have migrated to office 365 . What are the hidden costs and security limitations of this ?
Microsoft really is a business enabler and businesses across the world , including those in the Middle East , are reaping the rewards of Microsoft and those collaboration services .
But we ’ ve seen the criminals too are leveraging that infrastructure . We saw malicious messages sent from Microsoft 365 , targeted at 60 million users in 2020 , according to Proofpoint ’ s threat data . This is criminals using Microsoft ’ s own infrastructure and trusted domains to spread that malware .
Email is still the number one point of entry for cyberthreats and this puts everyone at risk – internal
76 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com