Making The Smart Bet On Cybersecurity
There is no denying that cybersecurity should form a key part of any business strategy, so why do high-profile data breaches keep occurring? A lot has been written about how such attacks are becoming the norm, but reconciling the risks of an attack with an appropriate business strategy remains a significant challenge. While larger enterprises are indeed getting far more vigilant and taking measures to mitigate the chance of a breach, humans remain the biggest threat to even the most comprehensive cybersecurity strategy.
A new report aims to shine a light on how and why business leaders are caught off guard by such attacks, looking at how business leaders can be made aware of the risks of a destructive breach and the damage that can be caused. I also spoke with Candace Worley of McAfee about how we can utilise the best of both humans and machines to effectively and efficiently combat cybersecurity threats.
Phishing for a way in
The report by secure collaboration platform Wire, entitled “Odds of a Bad Bet,” illustrates the risk of cyberattacks using “odds” compiled by World Series of Poker champion and science communicator Liv Boeree. These odds compare different levels of cybersecurity threats and link them to everyday events and common casino tropes. The premise of the report is that for businesses to implement an appropriate cybersecurity strategy, business leaders must fully grasp the risks they are facing in order to permeate good cybersecurity practices throughout an organization. The odds compiled by Boeree put the risks of poor cybersecurity awareness into stark focus. Boeree states that “there is a 50/50 chance of your company suffering a costly DoS [Denial of Service] attack over the next twelve months,” and that the chance of avoiding a malware attack in the coming year is “as unlikely as pulling the Ace of Spades from a shuffled deck on the first try.” One particular element of vulnerability that the report keeps returning to is that of email systems and the people using them, building on the widely cited statistic that email phishing is the root cause of 96% of all data breaches.
To put the risks of phishing attacks in perspective, Boeree draws from her experience in casinos, claiming that “your chances of spotting a phishing email are as slim as hitting a specific number on the roulette wheel.” Boeree also finds that “an employee is three times more likely to infect a colleague with a malicious email than they are to spread flu to a partner.” This particular threat is not likely to die down any time soon, and phishing attacks are becoming increasingly sophisticated to the point that Google itself struggles to catch them all. The fight against phishing may soon be buttressed by a younger generation of workers, however, who are used to using secure and encrypted communication platforms such as WhatsApp and Snapchat in their personal lives, and expect the same level of protection in their professional communications. The expectation of a high-level of security from the incumbent workforce, and the view of email as antiquated compared to platforms such as Slack, Skype, and Wire, could help to spread good cybersecurity practices within an organization and complement existing cybersecurity strategies.
Humans and machines
Despite the persistent threats of phishing attacks and human oversight, larger enterprises do in fact understand the risks and have strategies in place to specifically target these problem areas. “Most organizations have become pretty diligent,” says Candace Worley, vice president and chief technical strategist at McAfee, “if you’re large enough to have a dedicated security team then you’re already doing security awareness outreach to your employee population.” As the largest attack surface of any organization, email phishing is understandably a major priority for these enterprises. “Most of the enterprises I work with actually send out fake phishing emails to their employees,” says Worley. This strategy helps to identify those people who are consistently falling victim to even seemingly obvious phishing attacks, and Worley argues this practice “is an integral part of keeping cybersecurity diligence at the front of your employees minds.” In McAfee itself, these “phishing expeditions” also serve to keep employees on their toes—“at least in our company, if you click on that email and have to go to training then people are going to shame you, I assure you!” jokes Worley.
This article originally appeared on forbes.com To read the full article and see the images, click here.
Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously. To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:
- Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
- Raw information handling and analytics speed
- End-to-end business transaction tracking that spans technologies, tiers, and organizations
- Intuitive, easy-to-use data visualizations and dashboards