Our IT Executive Roundtables are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. The group met remotely to discuss decreasing user exposure led by the CIO of a leading employee-owned engineering company. This Session was sponsored by Abnormal.
More cyberattacks are happening today than ever before. Threat actors are using modern techniques to avoid detection and infiltrate corporate networks. What can organizations do to keep them at bay? What strategy can they take to enhance their security outlook and combat cyberthreats like phishing attacks, ransomware, and zero-day vulnerabilities?
How prepared are you against cyberattacks?
At the start of the discussion, attendees shared how the ever-increasing advancement of cyberattacks is affecting their organizations.
Latest phishing methods
An attendee mentioned that their email scanners could prevent most phishing attempts by flagging emails with malicious links, artifacts, or attachments. However, cybercriminals are taking a different approach to phishing and social engineering, i.e., impersonating trusted partners and vendors. E.g., A threat actor impersonating a trusted partner would send an email to an employee, asking them to communicate over WhatsApp as they “find it easier.” Since such emails seemingly don’t contain anything malicious, they can slip through the cracks. Persuasive language may convince the victim to take the conversation off-platform, where you have no visibility or security controls.
People can be your weakest…or your strongest link
People are a vital part of the cybersecurity equation. It’s crucial to bring them along the journey and make them a part of your strategy. Develop their capability to identify potentially malicious behavior. Empower them with tools to help flag and report phishing and social engineering attacks. It’s also important to provide feedback on all reported events so they can learn to separate the good from the bad. Remember, if people are not security-conscious, they can be your most vulnerable link; however, they can enable you to detect and prevent potential cyberattacks.
Keeping up with the advancements of threat actors
A participant remarked that threat actors will always find ways to surprise you. We are playing a game of chess, and they always get to make the first move. Investing in people and technology is the best approach to mitigate risk. Utilize state-of-the-art threat detection and response tools to create an effective defense strategy. Keep exploring ways to improve your tech stack and policies. Periodically conduct training to keep your technical and non-technical people apprised of all the latest developments in the cybersecurity world.