Intelligent CISO Issue 9 - Page 29

JEFF OGDEN, GENERAL MANAGER – MIDDLE EAST, MIMECAST

The World Economic Forum recently placed cybersecurity as the UAE's biggest risk for doing business. As we look towards 2019 and plan for the next 12 months, I believe this will remain true and only become more of a concern. CISOs need to be aware of the risks and prepared for what's in store.

The most insidious development in the new year won't be new attack types but rather improved execution of existing attack types: better social engineering, more advanced phishing attacks, more credential stuffing attacks and more complicated malware with multiple stages and different form factors for transmission, making it incredibly tricky to detect. Phishing techniques such as homoglyphs, elongated URLs, the use of legitimate TLS certificates (so the browser shows the green padlock) and credential harvesting sites will increase. Flawless phishes will continue to prey on the gap in human firewalls, intensifying efforts to better educate all staff. Cybersecurity awareness training, which according to a global Mimecast and Vanson Bourne study is conducted continuously by only 11% of global organisations, will need to receive renewed attention as organisations bolster the capabilities of their first line of defence: their employees.

Cybercriminals will also shift focus to countries and industry verticals that lag in their adoption of more advanced cyberdefences. More industrialised countries are investing heavily in cybersecurity, making them less attractive to cybercriminals because they are no longer easy targets. Companies in the Middle East and Africa in particular often assume their security is sufficient without realising that the threat landscape is shifting drastically. This makes them easy targets for cybercriminals, who tend to follow the path of least resistance. Attackers will also continue to shift their attention away from larger organisations to small and medium businesses.
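The homoglyph and elongated-URL techniques listed above can be screened for with a handful of string checks on the hostname before a link is delivered or clicked. The Python below is an added example written for this page; it is not Mimecast's code and does not come from the article. The protected brand list, the small confusables subset, the two-label shortcut for the registrable domain and the sample URLs are all constructed assumptions.

```python
"""Lookalike-hostname checks for common phishing URL tricks:
punycode/IDN hostnames, mixed-script labels, confusable characters that
mimic a protected brand, and elongated URLs that bury a brand name in a
subdomain or in the userinfo part of the URL.

Constructed example: brand list, confusables map and sample URLs are
illustrative assumptions, not data from the article or from Mimecast."""
import unicodedata
from urllib.parse import urlsplit

# Assumed brand list: registrable domains we want to protect.
PROTECTED = {"paypal.com", "microsoft.com", "mimecast.com"}

# Assumed confusables: a tiny subset of Unicode's confusables table plus a few
# ASCII look-alike pairs. A real deployment loads the full table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x",                  # Cyrillic с у х
    "\u0131": "i",                                                # dotless i
    "0": "o", "1": "l", "rn": "m", "vv": "w",
}

# Constructed sample input for the __main__ demo.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",                      # legitimate
    "https://p\u0430ypal.com/login",                      # Cyrillic а homoglyph
    "https://paypa1.com/",                                # digit 1 for letter l
    "https://paypal.com@evil.example/",                   # brand in userinfo
    "https://paypal.com.account-verify.secure-login.example.net/signin",
]


def decode_host(url):
    """Return (raw hostname, Unicode hostname, was_punycode)."""
    raw = (urlsplit(url).hostname or "").lower()
    if "xn--" not in raw:
        return raw, raw, False
    try:
        return raw, raw.encode("ascii").decode("idna"), True
    except UnicodeError:
        return raw, raw, True


def script_of(ch):
    """First word of the Unicode character name, e.g. LATIN or CYRILLIC."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def skeleton(text):
    """Map text to the ASCII string a human is likely to read it as."""
    s = unicodedata.normalize("NFKC", text)
    # Longest keys first so multi-character pairs (rn, vv) win over single ones.
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(src, dst)
    return s


def registrable(host):
    """Naive registrable domain: last two labels (assumption; use a public
    suffix list in production, or co.uk-style suffixes will be mishandled)."""
    return ".".join(host.split(".")[-2:])


def analyse(url):
    """Return a list of findings for one URL; an empty list means nothing flagged."""
    findings = []
    parts = urlsplit(url)
    raw, host, punycode = decode_host(url)
    if punycode:
        findings.append("idn-punycode")
    labels = host.split(".")
    for label in labels:  # letters from two scripts in one label
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"mixed-script:{label}")
    reg = registrable(host)
    if reg not in PROTECTED:
        if registrable(skeleton(host)) in PROTECTED:
            findings.append(f"confusable-brand:{reg}")
        brand_words = {b.split(".")[0] for b in PROTECTED}
        if any(b in lbl for lbl in labels[:-2] for b in brand_words):
            findings.append("brand-in-subdomain")
        if parts.username and any(b in parts.username.lower() for b in brand_words):
            findings.append("brand-in-userinfo")
    if len(labels) >= 4 or len(host) > 40:
        findings.append("elongated-hostname")
    return findings


def is_suspicious(url):
    """Convenience wrapper for a mail-gateway or proxy policy hook."""
    return bool(analyse(url))


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", analyse(u) or "clean")
```

The punycode step matters because a mail client or browser may display the decoded Unicode label while logs and URL filters see the `xn--` form; checking the decoded view catches the lookalike either way. The two-label registrable-domain shortcut is the weakest part of the check and should be replaced by a public suffix list lookup before real use.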
As a result, every security specialist, no matter the size of their organisation, the country they operate in or the vertical their business falls into, will need to rethink their approach to cybersecurity and implement a cyber-resilience strategy.

Firstly, it is important to have advanced security in place. This involves ensuring you have adequate threat protection with a multi-layered inspection system that is effective against both widely used commodity attacks and customised, highly targeted attacks. Insider threats are also on the rise, so internal protection will need to be part of any security strategy.

Next, organisations need to move and adapt quickly to stay ahead of the latest attacks. This means having access to threat intelligence and the right security staffing resources to analyse threat data and deploy the right technologies. Delivering inline user education to help employees be more aware and guarded is another important part of being adaptable.

But what happens in the event of a successful attack? As mentioned, cybercriminals are becoming so sophisticated and their techniques so advanced that a defence-only security strategy is not going to protect against the level and volume of attacks. Email may be forced offline by a cyberattack, or taken offline deliberately by IT to contain a threat. Either way, disruption to email flow can directly impact business operations and limit the ability to communicate. All organisations should strongly consider a continuity solution that allows employees to continue with business as usual.

CISOs should also ensure that data is protected and accessible for users. In the event of a cyberattack it is important to be able to recover all data and other corporate IP after the incident.