Business email compromise (BEC), cloud account compromise, phishing and insider threats remain the main security concerns for CISOs in the region. Notably, organisations in the Middle East spend on average $11.65 million annually on overall insider threat remediation.
Remote working has increased cyber risk: threat actors are also pursuing corporate VPN log-ins, and a compromised VPN can result in direct access to all email, data and cloud apps. Lastly, attackers have been capitalising on the popularity of video conferencing platforms, using them not only as a lure for malware but also for credential phishing, in particular to steal Zoom and WebEx credentials.
CIOs need to recognise the importance of a human-centric approach by ensuring employees understand how to deal with threats.
Proofpoint delivers the most effective cybersecurity tools available to protect people against the threats that target them, as well as the information they create and access. As cybercriminals are increasingly targeting people, instead of infrastructure, Proofpoint’s comprehensive suite of advanced solutions spans email, social media, web, network, and cloud, including Microsoft Office 365.
Furthermore, Proofpoint takes a people-centric approach to cybersecurity, in which employees play a crucial role not only in spotting attacks but also in understanding their part in keeping their organisations safe. Lastly, Proofpoint offers comprehensive and ongoing security training to all its partners and customers to foster a strong security culture.
As phishing emails lead to fraudulent websites that can steal personal data, end users must be very cautious before clicking on unknown links. Additionally, people must always confirm all transaction requests via phone to avoid email scams.
Other important practices are setting strong passwords and strengthening home Wi-Fi by changing the default password on routers and enabling WPA encryption. Last but not least, as cybercriminals pursue corporate VPN log-ins to directly access all email, data and cloud apps, people need to guard their VPN log-ins, and organisations need to ensure all remote workers are restricted to only the systems they need.
An ongoing security awareness training programme is an integral part of the transition to hybrid working.
It is important that employees connect with their IT departments to ensure they are using a secure Wi-Fi connection, the company VPN and strong passwords, and that they understand security policies. End-users must truly understand the new threats they face and how to deal with them.
The most effective way is through an ongoing security awareness training programme as an integral part of the transition to hybrid working. By doing this, end users will be educated on different elements covering basics such as password hygiene and phishing detection. Training should make clear the proven link between simple user behaviours and severe consequences.
Recommendations for CISOs
• The Covid-19 pandemic has shown that cyber attackers are capitalising on this unprecedented period to launch attacks on people rather than infrastructure.
• As hybrid working is becoming more prevalent, it is crucial that security decision makers stay prepared and include employees in the cyber threat mitigation plans, making security awareness training an integral part of the transition to hybrid working.