David Raisipour, Director of Technology and Products, Mimecast.
By the time you've finished reading this article, someone in your organization may have been the victim of a social engineering attack.
Such an attack can take the form of a phishing email with hidden malware. Or maybe a text message from an anonymous "customer service representative" asking for the company's credit card number. Or a Slack notification from an "internal admin" asking for secret VPN credentials. Maybe even a Zoom meeting invitation sent out by hackers posing as a friendly colleague.
It only takes one mistake to jeopardize your business.
Unfortunately, the hypothetical examples above are not mere exaggerations meant to alarm CISOs. They mirror the real-world events that characterize the dangerous environment in which we live and work today, stark microcosms of the complex and rapidly changing cyber threat landscape.
Social engineering attacks aimed at the intersection of business relationships, people and data are more prevalent than ever as society moves towards hybrid cloud working models. Almost every company in our Enterprise Email Security 2022 report has experienced phishing attempts in the past year, with the majority of respondents reporting similar incidents over the same period. Additionally, email attacks targeting businesses have cost them more than $43 billion worldwide since June 2016, according to a 2022 report by the Federal Bureau of Investigation.
Before we can make any meaningful progress in the fight against persistent cybercrime, a shift in thinking must take place in both the public and private sectors. Trying to counter sophisticated threat actors with security teams intent on deploying devices and systems everywhere only adds another layer of complexity to the task. Instead, companies must design their security systems around a holistic team-sport approach that brings people, process, product, and API partnerships together on a unified front.
Adopting a team-sport philosophy unleashes strength in numbers, with a holistic lineup across the hybrid attack surface, opening clear pathways to a strong security posture that allows organizations to stay on the alert.
Empower your employees
Building an effective cybersecurity structure is not just about applying innovative technologies and advanced solutions. Security is a human concern. The vast array of systems that organizations use are built by people, operated by people, and most importantly, created to protect people. Ultimately, it is crucial to create an intuitive architecture that effectively eliminates vulnerabilities caused by human error. Cyber-resistant equipment combined with well-integrated solutions gives organizations the agility they need to deal with today's threats.
It starts with a strong focus on your team, your partners, suppliers and your manager. Reduce burnout and address cybersecurity skill shortages with AI and machine learning tools that streamline processes, automate repetitive tasks, and improve detection/response efficiencies. Empower your employees, as well as your partners and vendors, to become strong cyber citizens through continuous user education on email security and collaboration best practices. Assist your CEO in improving cyber readiness by building sufficient skills on your board and effectively articulating the relationship between cyber risk and business risk. I wouldn't ask a CFO to develop a corporate marketing strategy, so why leave the important task of developing a strong security system to executives without extensive cybersecurity experience?
Simplify your security environment
The adoption rate of new security products and services is higher than ever. According to Gartner, corporate spending on cybersecurity is expected to exceed $188 billion by 2023, an 11.3% increase from 2021. This is in response to the acceleration of cyber threats amid rapid digital transformation. The problem is device proliferation across industries. On average, companies have between 60 and 80 devices in their portfolio, and some have as many as 140.
Device proliferation is problematic because it complicates the work of already stressed security teams. Each time a new solution is added to the stack, the analyst must learn how to implement, configure, and maintain it in a short amount of time, immersing themselves fully in the complexity of the technology. Increasing complexity pushes technology governance ahead of risk management, creating gaps and loopholes that let socially engineered attacks slip past security teams.
This increases the importance of prioritizing tools that address specific vulnerabilities on hybrid attack surfaces. Can the solution protect workers no matter where they work? Does it make analysts more effective by making it easier to spot and respond to incidents? Can it work with other systems to share real-time threat intelligence and end-to-end visibility? These are the questions that should matter most.
Using API partnerships
An extensive library of APIs and third-party integrations is the third component of the team-sport approach. As a simple analogy, consider the various components of a high-profile NFL offense built around an elite quarterback. If your offensive line can't protect you in the pocket, you won't have enough time to process the read and find the wide receiver. If the tight end runs the wrong route, a poor pass can result in a costly interception. Even the best quarterback in the world cannot lead a team alone. To win games, all 11 players on the field must work together.
The same applies to cybersecurity. Combating social engineering attacks requires end-to-end solutions that provide the right protection, detection, and response mechanisms at scale. Without interconnected tools and technologies that unify core security functions in a single framework, organizations cannot protect data throughout its lifecycle and be victorious against malicious adversaries.
While social engineering attacks in the hybrid workplace will continue to proliferate, the actions organizations take today will determine their ability to operate safely tomorrow.
The Forbes Technology Council is an invitation-only community for CIOs, CTOs, and technology executives.