Intelligent CIO North America Issue 03 | Page 82


Building a human firewall to address insider threats

Creating a strong cybersecurity culture is paramount to the smooth running of a company’s operations, particularly as attacks become more advanced. Renee Tarun, Deputy CISO/Vice President Information Security, Fortinet, discusses the steps for how CISOs can establish a baseline for good cyberhygiene and ensure their employees take cybersecurity seriously.

During the first half of 2020, the FortiGuard Labs team found that evolving work environments and a greater reliance on personal devices presented new opportunities for cybercriminals to exploit enterprise networks. One method that threat actors have heavily relied on as of late is the creation of legitimate-looking phishing emails that can be used to tailor and launch attacks with ease. While this is not a new tactic by any means, these types of social engineering attacks have only grown more sophisticated and damaging as employees continue to work remotely and remain isolated from their teams.

The need to mitigate insider threat risk

Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data they hold. Considering that 68% of organizations feel moderate to extremely vulnerable to insider attacks, as noted in a recent study, it’s clear just how significant this issue is.

In addition to those that are considered malicious insiders, these threats can also be attributed to the group known as the ‘accidental insiders.’ According to this same study, security teams view falling victim to phishing attacks (38%) as the top cause for accidental insider threats, followed by spear phishing (21%), poor passwords (16%) and browsing of suspicious websites (7%). In other words, opening the door for cybercriminals can be as simple as clicking on a link or downloading a file without taking the time to determine whether or not it is legitimate.

Careless and negligent behaviors can have a lasting effect on organizations, especially in the case of a data breach. And with more employees working from home, unable to walk over to a co-worker’s desk to get their thoughts on a suspicious-looking email, these individuals are more likely to be susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritize their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure and reducing the insider threat risk.

Creating a human firewall through a culture of security

Considering employees can be the best line of defense, it is crucial that CISOs protect their organizations by including employee education and awareness in their cybersecurity strategy. By embracing this technique, leaders can ensure the workforce is prepared to face the various threats.

Regardless of job titles or roles, all employees should understand the repercussions of a security event and how it could affect the organization and them personally. The importance of this enterprise-wide strategic approach was highlighted in a 2019 Forbes Insights survey of over 200 CISOs. When asked which security initiatives they plan to prioritize in terms of funding over the next five years, 16% of respondents noted the creation of a culture of security.