PREDI C TI VE I NTEL L I GE NC E
Why your
employees
might be your
biggest cyber-risk
Given the complexity of the modern threat
landscape, organisations and enterprises need
to re-think their cybersecurity strategies. Adenike
Cosgrove, Cybersecurity Strategy, International,
Proofpoint, talks to Intelligent CISO about why adopting
a people-centric approach is critical to reducing an
organisation’s attack surface.
Today’s attacks target people,
not infrastructure
Organisations are spending more than
ever on cybersecurity and getting less
value from it. Attacks keep getting
through. Sensitive information keeps
falling into the wrong hands. And data
breaches keep making headlines.
It’s time for a fundamental rethink.
Traditional cybersecurity models were
built for an earlier era – when the
prevailing security model was to lock
down the perimeter and deal with threats
after they got through. The approach
barely worked then; it’s hopelessly
broken now.
That’s because people, not technology,
are attackers’ biggest target – and
your biggest risk. This change in the
www.intelligentciso.com
|
Issue 12
threat landscape requires a fresh
mindset and new strategy, one that
focuses on protecting people rather
than the old perimeter.
Protection starts with people
It’s clear that the usual defend-the-
perimeter model of cybersecurity
isn’t working – and hasn’t worked
for years. More than two thirds of IT
security professionals polled in a recent
Ponemon study expect cyberattacks to
'seriously diminish their organisation’s
shareholder value'. And more than half
believe their cybersecurity posture is
levelling off or even declining.
Blame two converging trends: the
perimeter is dissolving and attackers are
shifting their focus away from technology
and towards people.
There’s a simple reason perimeter
defences aren’t working. In today’s
cloud-enabled mobile economy, there’s
no longer a perimeter to defend. Work
takes place on devices organisations
don’t support, on infrastructure they
don’t manage and in channels they
don’t own. As Gartner puts it, the IT
department 'simply does not control the
bounds of an organisation’s information
and technology in the way it used to'.
People always make the
best exploits
As business shifts to the cloud, so have
attackers. Cloud infrastructure may be
highly secure, but the people who use it
are often vulnerable.
That’s why today’s attacks exploit
human nature rather than technical
33