Intelligent CIO Middle East Issue 79 - Page 77

employees, external suppliers, external third parties and customers that we collaborate with.

A core concern is the fact that these emails are leveraging outlook.com, for example, as a domain, which has a trusted reputation – so those emails are much more likely to land in the inbox. Criminals are really using a wide range of tactics to hijack these cloud email and application accounts. That’s why 71% of CISOs in the UAE are more concerned about the repercussions of cyberattacks now, more than ever.
Why must email security for Office 365 be a priority?
Fundamentally, we need additional controls on top of the core capabilities that Microsoft 365 provides. If the criminals are leveraging a platform approach, we too as defenders need to leverage a platform approach. If the criminals are leveraging a number of different techniques from credential phishing to malware to Business Email Compromise, we have to have that defence in-depth platform approach to protect the user and the threat that the user is facing in the email channel.
How concerned should CISOs be about insider threats? And how is the reported Great Resignation driving the rise in these?
As cybersecurity professionals, we spend a lot of our time and budget focused on keeping threats out. We want to make sure that we’re protecting our data and with good reason. However, not all attacks are perpetrated by outside criminals. Sometimes that risk is inside of our house. There are two key trends that are leading to this increase in insider risk.
The first is the move to the cloud. We’re leveraging more cloud services, more data is going into the cloud, more people have access to that data. And then second is this work from anywhere – we have much more flexibility but with increased access comes increased risk. Are we monitoring where that data resides? Are we monitoring who has access to that data?
With the Great Resignation we’ve seen an increased risk around insider threat incidents because as people are leaving organisations they’re taking data with them, believing it to be theirs.
We are seeing these trends where individuals are taking data or accessing data in interesting new ways. Forrester coined an interesting phrase, stating that COVID-19 has introduced ideal conditions for insider threat – and that’s ultimately because we’ve enabled more access. So, we need to monitor that data.
How can CISOs best protect against these different attacks and ensure employees are aware of the threats presented to them?
First, it’s understanding – what type of insider are you dealing with? That should inform how your security team responds. If you’re dealing with someone that’s made a mistake, perhaps you want to send them to training again or make them aware of a security policy and their responsibility in protecting that data.
Your response plan will be completely different if, for example, you’re dealing with a compromised user, someone who has maybe inadvertently given up their password and username to a cybercriminal and the criminal is now acting as that person, because they’re logging in using their credentials.
Further, you’d be responding slightly differently if you’re dealing with someone that is intentionally stealing company data and trying to cause harm to the organisation.
But fundamentally, the foundation of any defence is visibility. You need to have total visibility into your data and your people. The data that they are creating and how they’re accessing it, where it resides, who has access, whether it’s on premises or the cloud and how people are working with that data.
It’s not just about confidentiality. It’s also about the integrity and availability of that information. Then you need to implement technical controls like DLP solutions, or security solutions that are ultimately preventing those criminals from stealing credentials and getting access to those Crown Jewels and cloud stores. You can then implement appropriate controls to protect the threat landscape of that individual.
Also, you need to create a strong security culture. That means understanding the behaviour of people, what good behaviour you want to implement, and then building a culture programme and awareness programme to ultimately change behaviour towards that good.
As a final recommendation, people are the new perimeter, so we recommend implementing a layered defence. This includes dedicated insider threat management solutions, a strong security awareness training programme and ultimately, a critical and strong threat protection solution that’s blocking threats from reaching your people, irrespective of the channel or technique or platform that the criminals are leveraging.