Shields up: surprises are the new normal
Wed, 17th Feb 2021

The most common way for a cyber threat to penetrate an organisation is through email, but there are many other ways to create havoc - for some criminals, it is their life's work to come up with different ways to facilitate attacks.

Now there are more attack vectors than ever. Combined with the major uptick in remote work and cloud-based collaboration - all of which are creating more access points into corporate networks - every organisation and its supply chain are now taking on additional risk, according to Mimecast.

Organisations cannot ignore that risk. Growing cybercrime marketplaces, remote and hybrid working and human error are not going to disappear.

Organisations need to get their heads around how to deal with this increased risk. Some organisations are doing well. Even so, with cybercrime marketplaces, remote and hybrid working and human error here to stay, there is a lot more work to do.

A 2020 Mimecast study found that 73 per cent of more than 1000 respondents admitted to using their company-issued devices for personal matters for things such as checking emails, financial matters, and even social media and online shopping, further increasing the threat of human error.

Organisations may use awareness training to discourage staff from conducting risky behaviours such as these, but it seems the message isn't quite getting through. Why? Well, training regimes could suffer from low engagement, and they could even be too long.

“Most of training content and frequency is completely ineffective at winning the attention of employees to reduce today's cybersecurity risks, especially with the added distraction of working from home,” says Mimecast's principal technical consultant, Garrett O'Hara.

“Training that staff actually pay attention to is crucial to avoid putting any organisation at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humour to make the message stick. We all remember our favourite childhood TV commercials and while cybersecurity will never be that cool, the onus is on us to make it more appealing than just another boring compliance video.”

Forrester analyst Jinan Budge agrees - security programs should ideally be human-centric. They could use humour or gamification to make the education process more enjoyable for staff - or they could use modern learning techniques like micro- and nano-learning platforms.

According to Garrett O'Hara, on-premise security controls are out, and cloud-based security controls are in - particularly in the areas of email, network, and web security, as well as identity management. In essence, the internet will provide better security for the internet.

Identity management is an issue of particular importance because the price is high when things go wrong. At Mimecast's upcoming Connect: Destination Cyber Resilience virtual conference, UK comedian and writer Bennett Arron will talk about how easy it really is to steal someone's identity, and what it's like when your identity is stolen.

2021 is well underway: What are your goals?

Mimecast's O'Hara comments that last year pushed the accelerator on cybersecurity and digitisation changes that were happening anyway, and that through adversity many organisations were forced into a more resilient structure.

Echoing this sentiment, Forrester's Jinan Budge says 2020 wasn't the year security and risk professionals expected, but if one thing is for certain, it taught everyone that they can endure.

Budge believes 2021 will require more of the same - change, adaptation, and resilience. This will have a major impact on security teams worldwide, which Budge will address in much more detail at Mimecast Connect when she explores the topic, The Path To a New Normal Demands Increased Cybersecurity Resilience.

Mimecast Connect: The what's what of cybersecurity in 2021

You need to know about this year's cyber threats so that you can be prepared.

Don't miss Mimecast Connect, which covers Forrester's Cybersecurity predictions for 2021 including:

  • Increase in data breaches caused by insider incidents
  • Repercussions for CISOs instilling a toxic security culture
  • Increased breaches to retail and manufacturing due to direct-to-consumer shift

The online event also features talks from Jinan Budge and Bennett Arron, futurist Steve Sammartino, Mimecast cofounder and CEO Peter Bauer, and much more.