Intelligent CISO Issue 40 - Page 21

The most successful attack vector right now is phishing , followed by credential theft and then human error .
cyber trends the primary risks to cybersecurity within their organisation . And they ’ re worried about things like unidentified devices , unidentified tools and the security around data that people are working with . That compares to around 60 % globally .
The most successful attack vector right now is phishing , followed by credential theft and then human error .
These top three successful attack vectors are all entirely focused on the human , so it ’ s quite clear that we really should be focusing security around that human to try and make them as strong as possible , because the repercussions of their failure can be quite catastrophic .
The first thing to do is to realise that the firehose of threats that reaches your organisation comes via email , so make sure you ’ ve got great email hygiene in place because if you can cut it out , you ’ re reducing a huge amount of the risk to your enterprise .
The next logical step is to provide security training to staff to make sure the threats that do get through that gateway can be recognised and dealt with appropriately .
The final piece is to think about insider threats , identifying accounts that have been ‘ stolen ’ and are being used in a suspicious way , and then locking them down before they deliver ransomware or other attacks . Credential theft attacks mean you really need to be able to identify those suspicious activities and understand the context of what ’ s happening so you can react appropriately .
How can CISOs instil confidence in their customers , stakeholders and the market , that the new environment – whether they ’ re completely remote or taking a hybrid approach – is workable indefinitely ? they are more vulnerable because they ’ ve moved to a largely remote working enterprise and 76 % say they ’ ve seen more attacks since this has happened . And that ’ s worse than the global position .
Globally , 58 % believe they ’ re more vulnerable and about 60 % saw more attacks , so the Middle East is feeling the pain of remote working a little more than global organisations .
One key aspect is that it ’ s essential for CISOs to get good visibility on where data is residing , because if you don ’ t know that , you can ’ t protect it . Then you have to think about how you can make

The most successful attack vector right now is phishing , followed by credential theft and then human error .

sure that the identity that accesses the data is protected too , usually via Multi-Factor Authentication ( MFA ). But attackers are looking for ways to bypass MFA , so we have to stay alert to that too .
Knowing where your data is and putting MFA in place is a good start .
What are the top priorities for regional CISOs over the next few years and how does this compare to the global picture ?
The fact that CISOs don ’ t know where the next punch is coming from drives a great diversity in strategies as there is no one area to prioritise .
Globally , we are seeing a focus on core security controls that is putting in place endpoint detection and response , patching perimeter devices and core elements which help across a broad range of security threats .
However , within the UAE , there ’ s more of an external-facing perspective . The first priority was addressing supplier risk , and second was supporting remote working . Interestingly , KSA was different from most other global responses , because its top two were actually the lowest two for the rest of the world – 1 ) outsourcing security controls and 2 ) enabling business innovation . u
For good or bad , we ’ re already in a remote work environment and I don ’ t think there ’ s any turning the clock back .
Looking at some of the data from the Middle East , two in three CISOs believe
www . intelligentciso . com
21