FEATURE: BANKING SECURITY
Protection starts with people
It’s clear that the usual defend-the-perimeter
model of cybersecurity isn’t
working – and hasn’t worked for years. More
than two thirds of IT security professionals
polled in a recent Ponemon study expect
cyberattacks to ‘seriously diminish their
organisation’s shareholder value’. And more
than half believe their cybersecurity posture
is levelling off or even declining.
Blame two converging trends: the perimeter is
dissolving and attackers are shifting their focus
away from technology and towards people.
There’s a simple reason perimeter defences
aren’t working. In today’s cloud-enabled
mobile economy, there’s no longer a
perimeter to defend. Work takes place on
devices organisations don’t support, on
infrastructure they don’t manage and in
channels they don’t own. As Gartner puts it,
the IT department ‘simply does not control
the bounds of an organisation’s information
and technology in the way it used to’.
INTELLIGENTCIO
People always make the best exploits
As business shifts to the cloud, so have
attackers. Cloud infrastructure may be highly
secure, but the people who use it are often
vulnerable. That’s why today’s attacks
exploit human nature rather than technical
vulnerabilities. More than 99% of today’s
cyberattacks are human-activated. These
attacks rely on a person at the other end to
open a weaponised document, click on an
unsafe link, type their credentials or even carry
out the attacker’s commands directly (such as
wiring money or sending sensitive files).
Credential phishing, which tricks users
into entering their account credentials
into a fake login form, is one of the most
dangerous examples. In the cloud era, those
credentials are the keys to everything –
email, sensitive data, private appointments
and trusted relationships.
In the third quarter of 2018, for example,
corporate credential phishing attempts
quadrupled vs. the year-ago quarter,
according to Proofpoint’s Quarterly Threat
Report Q3 2018, and email fraud rose 77%
over the same timeframe.
Time to identify your most attacked users
Just as people are unique, so is their value
to cyberattackers and risk to employers.
They have distinct digital habits and weak
spots. They’re targeted by attackers in
diverse ways and with varying intensity.
And they have unique professional contacts
and privileged access to data on the
network and in the cloud.
Together, these factors make up a user’s
overall risk in what we call the VAP
(vulnerability, attacks and privilege) index.
Vulnerability: How your people work
Users’ vulnerability starts with their digital
behaviour – how they work and what they