BUSINESS INSIGHTS
99 % of data loss incidents are human-driven , while 75 % of ransomware attacks start with email phishing . There are also Business Email Compromise attacks or email fraud attacks – where the criminal pretends to be someone that the victim trusts – are causing more financial loss than all other attacks combined .
Given the overall success rate and low cost of executing these email fraud attacks , we ' re seeing UAE CISOs particularly concerned about these . Security professionals are recognising these new ways in which criminals are trying to socially engineer people – they ' re ultimately logging in instead of hacking in .
What trends have you seen in terms of regional organisations moving to the cloud and what challenges does this present ?
The ability for employees to work from anywhere is here to stay and we ' re seeing an increased need for organisations to enable things like virtual collaboration , cloud services and the ability for people to collaborate more effectively from anywhere , on any device , in any location .
Many firms are now housing a substantial portion of their sensitive information and corporate data in the cloud . They ’ re migrating from on-premises data centres to Microsoft , Amazon and Google to ease that transition into work from anywhere . But that means our security strategy and controls need to change as we ' re leveraging cloud services .
And the criminals recognise this shift . That ' s why instead of hacking Microsoft , they ' re tricking our employees into giving up those credentials to these cloud services . Why hack Microsoft , if you can just steal someone ' s credentials and log in using their actual identity and just download the data from the cloud ? Criminals are also leveraging cloud services to host malware and this is being used to launch ransomware attacks .
Many organisations have migrated to office 365 . What are the hidden costs and security limitations of this ?
Microsoft really is a business enabler and businesses across the world , including those in the Middle East , are reaping the rewards of Microsoft and those collaboration services . users in 2020 , according to Proofpoint ’ s threat data . This is criminals using Microsoft ' s own infrastructure and trusted domains to spread that malware .
Email is still the number one point of entry for cyberthreats and this puts everyone at risk – internal employees , external suppliers , external third parties and customers that we collaborate with . A core concern is the fact that these emails are leveraging outlook . com , for example , as a domain , which has a trusted reputation – so those emails are much more likely to land in the inbox .
Criminals are really using a wide range of tactics to hijack these cloud email and application accounts . That ’ s why 71 % of CISOs in the UAE are more concerned about the repercussions of cyberattacks now , more than ever .
Why must email security for office 365 be a priority ?
Fundamentally , we need additional controls on top of the core capabilities that Microsoft 365 provides . If the criminals are leveraging a platform approach , we too as defenders need to leverage a platform approach .
If the criminals are leveraging a number of different techniques from credential phishing to malware to Business Email Compromise , we have to have that defence in-depth platform approach to protect the user and the threat that the user is facing in the email channel .
How concerned should CISOs be about insider threats ? And how is the reported great resignation driving the rise in these ?
As cybersecurity professionals , we spend a lot of our time and budget focused on keeping threats out . We want to make sure that we ' re protecting our data and with good reason .
However , not all attacks are perpetrated by outside criminals . Sometimes that risk is inside of our house . There are two key trends that are leading to this increase in insider risk .
The first is the move to the cloud . We ' re leveraging more cloud services , more data is going into the cloud , more people have access to that data .
But we ' ve seen the criminals too are leveraging that infrastructure . We saw malicious messages sent from Microsoft 365 , targeted at 60 million
And then second is this work from anywhere – we have much more flexibility but with increased access comes increased risk . Are we monitoring www . intelligentcxo . com
67