The insider threat: How much should enterprises worry about its impact on cybersecurity?

CHRISTOPHER BUDD, ED CABRERA |

article image
When assessing cybersecurity risks, it’s natural to devote significant attention to external threats. A recent survey by Ernst & Young LLP underscored rising concern about hacktivists, syndicates and state sponsors of cybercrime, which together were cited as more problematic than the “insider threat” – the blanket term denoting risk from both accidental and malicious activity by parties within or close to an enterprise – that has made so many headlines in recent years.

Spotlight

Orange Business Services

We are making business life easier, every day and all around the world. As a global IT and communications services provider, Orange Business Services helps companies collaborate more effectively, operate more efficiently and engage better with their customers – connecting their people, sites and machines securely and reliably.

OTHER ARTICLES

Cybersecurity Marketing Tips for 2022

Article | September 22, 2021

Cybersecurity is growing as a market, and it has exploded since the pandemic started. This is because the companies incorporated remote work culture like never before. As a result, cyber threats and challenges are increasing. Cyber threats can jeopardize any business. Thus, the demand for cybersecurity products is increasing. However, the providers struggle to meet the increasing demand for cybersecurity services, and the competition is high. Whatever your business, effective marketing makes you stand out from the crowd. As technology has transformed, various online platforms are being used for effective marketing of all the products. As a result, most leads and sales are coming through online channels today regardless of your business. Thus, having an effective online marketing strategy defines the future of you and your business. So is in the case of cybersecurity products and marketing. Therefore, you should have a clear-cut cybersecurity digital marketing strategy to stand out from the crowd and reach your target audience at the right time with the right message. Are you a cybersecurity software service provider? Are you struggling with cybersecurity marketing? Read further to know the possible challenges of cybersecurity marketing and how to overcome them proactively. Cybersecurity Marketing- Challenges Like every other business, cybersecurity marketing, too, face many challenges. This is because the technology has developed and the competition is high. In addition, educating potential customers about the need for cybersecurity and its effectiveness is a tiresome job. Some of the significant challenges faced by cybersecurity marketers can be the following: Educating Potential Clients Most business people are not aware of the need for cybersecurity today. This is because they are ignorant of it. They will only know its importance when their business is jeopadized due to malware or an incident of phishing. Thus, intense, informative, convincing, and educational content creation is another challenging part of cybersecurity digital marketing. Building Trust, Credibility, and Trustworthiness Trust and credibility matter. Whatever cybersecurity products they use, the cybersecurity professionals know that no cybersecurity software is a hundred percentages safe. Therefore, it is a challenge to stand out from the crowd and get the trust of your potential clients as many vendors are claiming they have the best product in the world. Due to these reasons, building up trust, credibility, and trustworthiness is a hard job for cybersecurity marketers. Finding and Reaching out to your Real Target Audience ‘One-size-fits-all’ policy does not work with cybersecurity businesses. Your product can be applied to particular clients only. Thus, advertising it for the benefit of all is a foolish thing to do in cybersecurity marketing. All cybersecurity professionals know it. Therefore, finding the specific target audience for your product is a challenge. However, having a proactive cybersecurity marketing strategy and knowing the dos and don’ts will undoubtedly make you stand out from the crowd. In addition, it would enable you to build brand image and sell your products to your actual target audience, who need your products to run their business smoothly. Cybersecurity Marketing- Tips for 2022 Even if you have all the facilities and tools, cybersecurity product marketing is not that easy. Your success lies where you proactively solve the challenges you face in your marketing process. Let us look into some of the ways and tips to overcome the challenges you may face in the cybersecurity marketing process. Cybersecurity Customer Testimonials Nothing matters much more than credibility, trustworthiness, and reliability in the cybersecurity business. Customer experiences and feedback have much value in any business. Customers always want to hear from their fellow customers. Thus, testimonials are crucial in any marketing strategy. You can make use of testimonials in any form, such as written, videos, or podcasts. You can use these testimonials from your clients as a great resource to display the value of your products. So, get feedback from your clients tactically and even make case studies explaining how your product solved a specific issue faced by one of your clients. In most cases, customers may not be ready to provide their feedback for public use due to fear of a breach. In that case, you may have to find out creative ways to showcase customers' success stories and feedback without naming the names. Include Interactive Elements The modern audience needs interactive sessions and inspiring experiences everywhere. They hate the old school of marketing. Therefore, it is time to shift to virtual tradeshows and webinars. Breaking the traditional rules of marketing and digitally engaging the audience is the need of the hour. According to Matthew Fisch, a cybersecurity consultant, and SVP sales, If I want to sell into the banking or financial vertical, for example, I find events that they all go to, and I get to know them, listen to them, and then build a real relationship. “Then, when the topic of security comes up, I act as an advisor to help them build business solutions, whether it is with my company or recommending products and services that I am familiar with from being immersed in the industry. This builds trust, and you can bet when they are ready to buy, I’m on their shortlist. Apart from webinars and virtual tradeshows, you can also have polls, surveys, games, and breakout sessions as part of your cybersecurity marketing process. Again, this will capture your audience's attention, and you get an excellent opportunity to learn more about those attendees. Avoid False Information Remember, as a B2B Cybersecurity marketing professional, you are dealing with cyber professionals. Thus, focus on fact-based marketing. It is very critical that all your content should be fact-based and accurate. Why? Cyber professionals are aware that bad actors cleverly use misinformation to lure people to get personal information. Therefore, if your collaterals and brand messaging are not accurate, they may think you are one among them. It affects all your efforts and ends up in gathering a total negative brand image. Summing up Along with these, you may have to focus on many other things to be noticed by your targeted audience. However, the tips mentioned above will surely get you clients and build brand image by solving many of the cybersecurity marketing challenges faced by marketers today. Frequently Asked Questions What are the major cybersecurity marketing challenges Cybersecurity marketing faces many challenges today. Some of them can be educating the clients regarding the necessity of cybersecurity, generating relevant content, and reaching out to a specific audience. What are the effective cybersecurity marketing tactics Cybersecurity marketers can have unique marketing techniques according to their line products and the nature of the audience. However, webinars, email marketing, content marketing, and social media marketing will quickly help you reach out to your customer. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "What are the major cyber security marketing challenges", "acceptedAnswer": { "@type": "Answer", "text": "Cyber security marketing faces many challenges today. Some of them can be educating the clients regarding the necessity of cyber security, generating relevant content, and reaching out to a specific audience." } },{ "@type": "Question", "name": "What are the effective cyber security marketing tactics", "acceptedAnswer": { "@type": "Answer", "text": "Cyber security marketers can have unique marketing techniques according to their line products and the nature of the audience. However, webinars, email marketing, content marketing, and social media marketing will quickly help you reach out to your customer." } }] }

Read More
ENTERPRISE SECURITY

Cybersecurity Awareness: the need of the Hour for Businesses

Article | September 22, 2021

No business can afford to be apathetic with cybersecurity. Cybersecurity awareness in businesses- it is high time for businesses to focus on this as the number of online frauds targeting corporates and other businesses to make easy money is increasing. As technology evolves, these online criminals invent new ways to get into accounts and steal sensitive data. No doubt that if businesses are not focusing on an effective cybersecurity strategy, it will jeopardize your businesses. Sadly and alarmingly, many are not aware of it, including corporates, or take it seriously. In simple terms, cybersecurity awareness is the understanding of what cyber threats are, what impact they can make on a business, and the steps to reduce the risk and prevent online crime. This cybersecurity awareness will make your employees work safely and run your business hassle-free. Phishing, viruses, malware, worms, trojans, spams, etc., are some of the cyber threats a business can undergo. Need not say what impact these threats will bring to your business! It will create a lot of damage to your business; even the reputation and brand image can be lost. It can also devastate your business as a whole, and you may have to start from the beginning. How will you start again if you have invested all earnings in your business, which is devastated due to the cyber-attack? How can you promote cybersecurity awareness at your work premises and among your employees? Read further to get insights and protect your business. Promoting Cybersecurity Awareness in businesses A simple mistake from any of your employees can be an opportunity for online fraud to get into your business and steal sensitive data. Moreover, this human error is the most significant factor in significant cybersecurity breaches. This can be due to the employee not being aware of it and its consequences. Indeed, you cannot blame the employees if they are ignorant of it. Therefore, as an employer, the ball is in your court. Thus, promoting awareness of cybersecurity risks is a need of the hour for corporates and even for other small businesses. Go further to get some tips on how to promote cybersecurity awareness in your business. Not Just the Job of IT Department To maintain cybersecurity, you have to take every employee of your business onboard. Therefore, the cybersecurity strategy you develop should be inclusive of every employee in your organization. In addition, all departments promote better cyber awareness, including human resources, legal, marketing, sales, and finance. Therefore, the cybersecurity awareness efforts are simply a job of the entire organization and not just the responsibility of the IT team. Therefore, your success lies where you successfully involve every employee under the IT team's leadership. In an interview of Media 7 with Anjali Gugle, Security Architect and Officer, CX Cloud Platform Security at Cisco, she said, “Security is everybody’s responsibility. Because of that, it spans over different roles and responsibilities. In most cases, security is often an afterthought in the development lifecycle. We have embraced the "Shift left” approach to enterprise security with centralized policy management in cloud-based management. This enables deriving valuable security insights and continuous security monitoring as different security services come under one roof.” Anjali Gugle, Security Architect and Officer, CX Cloud Platform Security at Cisco Educate Yourself and Your Employees Your business needs to educate your employees about the probable cyber threats your business can face. Cybersecurity awareness programs will be in vain if you and your employees are not aware of the possible cyber security threats your business can face. This will make them recognize and get away from the most common threats the businesses face, including phishing emails, other traditional fishing attacks, ransomware, malware, and malicious social media links. You can also make them aware of the recent cyber-attacks in the business world and their losses. This knowledge is vital to any cybersecurity awareness efforts. Moreover, you cannot teach your employees unless you are aware of it. Awareness Programs As part of generating cybersecurity awareness in businesses, you can also conduct various cybersecurity awareness programs for your employees. For example, you can have the below methods as part of your cybersecurity programs. Cybersecurity quizzes Displaying cybersecurity posters at prominent places Sharing occasional cybersecurity updates and tips Showing interesting and entertaining cybersecurity videos This will inculcate a sense of cybersecurity awareness in their minds. Moreover, this awareness will make them think twice before they take any action online. Regular Cybersecurity Audits The cybersecurity requirements of each company can be different. The success of cybersecurity awareness programs, policies, and safety measures depends upon how they serve the needs of the organizations. Therefore, solutions that best meet the particular cybersecurity demands of the company should be implemented in companies. Business owners and managers have to focus on ensuring this. Regular cybersecurity audits will give you a picture of what requirements you have at present. It also will evaluate how effective your present policies are. This way, the company can formulate new protocols to protect your company. Summing UP Compromising with cybersecurity will devastate your business. Therefore, IT professionals should have the skills related to cybersecurity, while other employees need to have cybersecurity awareness. Cybersecurity awareness comprises knowledge of possible threats, their impacts, and measures to protect your business. Businesses can have various awareness programs to educate employees to be aware of the threats and increase awareness. Also, have to audit regularly the policies in your company to check their effectiveness. Frequently Asked Questions Why is cybersecurity awareness in businesses so important? When the employees in a company are aware of the possible cybersecurity threats, they are likely to refrain from suspicious activities. This is because they know the impact of cyber-attack on business. How can a company raise cybersecurity awareness among employees? The company can make the employees aware of cybersecurity threats by educating them on recent attacks and their impacts. Moreover, the company can also educate the employees regarding the possible threats a particular company can have. { "@context":"https://schema.org", "@type":"FAQPage", "mainEntity":[{ "@type":"Question", "name":"Why is cybersecurity awareness in businesses so important?", "acceptedAnswer":{ "@type":"Answer", "text":"When the employees in a company are aware of the possible cybersecurity threats, they are likely to refrain from suspicious activities. This is because they know the impact of cyber-attack on business." } },{ "@type": "Question", "name": "How can a company raise cybersecurity awareness among employees?", "acceptedAnswer": { "@type": "Answer", "text": "The company can make the employees aware of cybersecurity threats by educating them on recent attacks and their impacts. Moreover, the company can also educate the employees regarding the possible threats a particular company can have." } }] }

Read More

5 Digital Transformation-Driven Cybersecurity Considerations

Article | September 22, 2021

On their road to recovery from the pandemic, businesses face unique dilemmas. This includes substantial and entirely necessary investments in digital transformation, however tight budgets are making such endeavors difficult if not impossible. Businesses continue to struggle with pivots like adopting new digital platforms, shifting their corporate model to resolve supply chain disruption and enabling a remote workforce. The inability for businesses to quickly adopt technologies that support digital transformation processes, including identity-based segmentation, virtual desktop interfaces and full-stack cloud, is hindering their ability to adequately address new threats and even to test new security systems and protocols. “Now more than ever, it’s imperative to remediate risk exposure and vulnerabilities within an organization’s existing systems—optimally from the get-go,” urges cybersecurity expert Nishant Srivastava, Cyber Security Architect and field expert at Cognizant—an IT Solutions and Services firm for which he's focused on designing and implementing Identity and Access Management (IAM) solutions. “Biggest threats should get highest priority, of course, but the magnitude or even likelihood of a threat should not be the sole consideration. Organizations should also look at other forms of value that new technologies can bring.” Below Srivastava, a senior-level IAM, governance and cyber risk authority, offers key digital security vulnerabilities businesses need to be mindful of given increased digital dependency amid the pandemic. Heed these best practices to help keep your company—and customers—uncompromised. Consumer-Facing App Gaps For consumer-facing web applications, some of the biggest security threats include path traversal, cross-site scripting (XSS), SQL injections and remote command execution. Of course, protecting customer data is an utmost security concern and breaches abound. One of the biggest challenges to address these kind of issues lies with lacking human resources. There is a lack of aptly trained and skilled security staff in even the most sophisticated of regions, which is cultivating a gap in cybersecurity skills across the globe. It goes without saying that employee training and investing in highly-qualified staff are among the best ways to establish, maintain and uphold security levels of consumer facing apps. Rifts, however small, can induce excessive damage and losses. eCommerce Exposure Online delivery businesses that are aware of security risks would be wise to introduce more secure logins, automatic logouts and random shopper ID verification and are preventing shoppers from swapping devices when ordering. Such measures will help thwart breaches that expose of customer names, credit card information, passwords, email addresses and other personal and sensitive information. Companies selling goods or services online also should not launch without a secure socket layer (SSL) connection. It will encrypt all data transfer between the company’s back end server and the user's browser. This way, a hacker won’t be able to steal and decode data even if he or she manages to intercept web traffic. Another useful strategy is to enforce password limitations. Passwords should be as complicated as possible with a combination of symbols, numbers and letters. Investing in a tokenization system is worthwhile because any hacker who accesses the back end system can read and steal sensitive information, which is held in the database as plain text. Some payment providers tokenize cardholder information, which means a token replaces the raw data so the database then holds a token rather than the real data. If someone steals it, they can’t do anything with it because it’s just a token. Ransomware Recourse Ransomware threats are escalating, which is why those doing business digitally should enforce a multi-layer security strategy that incorporates data loss prevention software, file encryption, personal firewall and anti-malware. This will protect both a company’s infrastructure and its endpoint. Data backups are key because there’s still a mild chance of a breach even with all of the aforementioned security solutions in place. The easiest and most effective way to minimize cyberattack damage is to copy files to a separate device. This very reliable form of backup makes it possible for people to recommence work as usual with little to no downtime, and all their computer files intact, should an attack occur. Gone Phishing Gmail blocks over 100 million COVID-related phishing emails every day, but more than 240 million are sent. That means less than half sent via Gmail alone are blocked. Experts cite imposing limits on remote desktop protocol (RDP) access, multifactor authentication for VPN access, in-depth remote network connection analysis and IP address whitelisting as some of the best strategies to maintain security. In addition, businesses should secure externally facing apps like supplier portals that use risk-based and multifactor authentication—particularly for apps that would let a cybercriminal divert payments or alter user bank account details. Shielding Teleconferences The shift to remote work after the pandemic hit has given cybercriminals more and more opportunities, directing their focus on the tools people use for work. It’s important that people recognize their vulnerabilities, particularly while they work from home. Among these are hacked videoconference passwords and unprotected videoconference links, which criminals can use to access an organization’s network without authorization. Many people who work from home do not use secured networks, unknowingly and unintentionally. Many are just not aware of the risks. To avoid online teleconference security issues, meetings should always be encrypted. This means a message can only be read by the recipient intended and that the host must be present before the meeting begins. There should also be waiting rooms for participants. Screen share watermarks, locking a meeting, and use of audio signatures are additional recommendations. When asked what his best advice would be to tweak security for a workforce that’s predominately working remotely, Nishant says that companies should start by analyzing the basics (like those specified above) against the backdrop of a wide range of ever-escalating and evolving threats. “Employees should use dual-factor authentication and make sure apps, mobile phones and laptops are updated and that available patches and updates are always installed,” he says. “They should certainly be wary of all information requests and verify the source. These even include unexpected calls or emails seemingly from colleagues.” Srivastava also pointed out that insiders at the CIO Symposium in July 2020 agreed that the pandemic packed years of digital transformation into just a few weeks. The use of third parties emerged as a major security concern to take into account. For instance, some employees abroad were unable to move their computers to their homes, so employers rushed to supply them with new equipment. In the process, some of it was not set up correctly thus compromising security. Companies should have done more to determine out whether individuals were using technology properly, such as if employees were sharing work devices or using their own personal equipment. On the plus side, the shift toward working from home sped up multi-factor authentication adoption. This is a great opportunity that today’s digitally-driven businesses should take advantage of. In short, Srivastava advocates taking a zero-trust approach. “It might sound harsh, but this is the idea that you can’t trust devices, people and apps by default,” he says. “Everything needs to be authorized and authenticated. Users should always verify and never trust, and businesses should act as if there has already been a breach and work to shore up weak links in the security chain. Finally, businesses should give access to information and data to as few people as possible—and wholly ensure those who do have access are appropriately trained to recognize when a red flag presents. By employing all or even some of the advice above, businesses can continue to thrive as the digital transformation age unfolds—and do so more confidently and contently all around.

Read More

Work From Home: Cyber Security During Covid-19

Article | September 22, 2021

COVID-19 has significantly affected individuals and organizations globally. Till this time more than 1.7 million people in 210 countries have bore the brunt of this mysterious virus. While this crisis is unparalleled to the past crises that have shaken the world and had lasting impacts on different businesses, economies and societies but the one domain that had remained resilient through all the past crises and is going solid in COVID-19 as well is Cyber security. While most of the sectors globally have been affected, Cybersecurity’s importance to organizations, consumers and home users have not only remained strong but have been increased drastically.

Read More

Spotlight

Orange Business Services

We are making business life easier, every day and all around the world. As a global IT and communications services provider, Orange Business Services helps companies collaborate more effectively, operate more efficiently and engage better with their customers – connecting their people, sites and machines securely and reliably.

Events