The need to address human risk management, email and phishing attacks, and generative AI among users across organisations of all types provides the backdrop for Mimecast’s SOECS 2024 report
Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.
The phrase “security culture” is being used a lot more often within organizations, during conversations with other security professionals and even in the media. But there is a problem: the definition is not necessarily clear, and the steps to start working toward creating a positive security culture are even less clear. Organizations only have a vague idea what that really looks like or how to accomplish it. This guide exists to provide a high-level look at what security culture is and what actions you can take to begin favorably changing the security culture within your organization. The goal of this guide is not to give a detailed deep dive into all things security culture (though we’ll provide resources for that in the future); instead it is to help readers understand the fundamentals of what security culture is and what steps you can take to move the culture needle in your organization. It is important to understand that making a meaningful culture shift is not something that happens overnight. Dedication and consistency will lead you to great results. The more established your security culture is, the easier it is to maintain, and new employees tend to align with this culture rather quickly. We are social creatures. Many behaviors are caught rather than taught. When we start a new job, we subconsciously adopt many of the behaviors we see. If people lock their workstations every time they walk away from their computers, new employees often pick up habits like this without giving it much thought at all because it has been socially modeled as just the way things are done here. This is the beauty of a strong and present security culture; once momentum is gained, it becomes easier to maintain. Download Now
VERIZON’S 2021 DATA BREACH INVESTIGATIONS REPORT SHOWS THAT PHISHING CONTINUES TO BE THE TOP THREAT ACTION USED IN SUCCESSFUL BREACHES. CYBERCRIMINALS STOLE LOGIN CREDENTIALS IN 85% OF BREACHES LINKED TO SOCIAL ENGINEERING. Cybercriminals never take holiday. In fact, 2020 gave them reason and renewed motivation to ramp up their nefarious efforts. Phishing incidents nearly doubled in frequency from 2019 to 2020, from 114,702 incidents in 2019, to 241,324 incidents in 2020, according to the U.S. Federal Bureau of Investigation (FBI). Overall, phishing held sway as the most common type of cyber crime last year, according to the FBI. The idea that technology can prevent all cyber-related incidents has never been further from the truth because cybercriminals know the easiest way in is through your people. Security leaders must understand that there is no such thing as a perfect, fool-proof, impenetrable secure environment. Many organisations fall into the trap of trying to use technology as the only means of defending their networks and forget that the power of human awareness and intervention is paramount in arriving at a highly secured state. Every security leader faces the same conundrum: even as they increase their investment in sophisticated security orchestration, cyber crime continues to rise. Security is often presented as a race between effective technologies and clever attack methodologies. Yet there’s an overlooked best practice that can radically reduce an organisation’s vulnerability: security awareness training and frequent simulated social engineering testing. Download Now
It’s time to secure your most important digital asset! You use your email to sign up for services, reset passwords, communicate with various people and organizations, and so on. Naturally, your inbox contains a lot of information that’s immensely valuable to you. Given that your email account holds the key to your digital life, it’s vital to shield the former from potential attacks. And this guide can show you how to do so. The guide covers vulnerabilities in email, common email security mistakes, and tips to secure your email account. It also highlights secure email providers and email encryption tools. Plus, it explores the role of instant messaging apps in communication and whether they should replace email. Download Now
