Don’t think you need a cyber resilience for email plan? Think Again
Mimecast Chief Information Security Officer Mark O’Hare identified seven reasons so many organizations fail to protect themselves from email-based cybercrime:
- Having an “it won’t happen to me” attitude – Cybercriminals don’t care if you’re a small business or a large enterprise; everyone is susceptible to an attack. Thinking it won’t happen to you leaves the door wide open for an email attack.
- IT is too busy putting out fires to develop an email security strategy – Consider a ransomware attack that locks down your entire system. If you don’t have an email security strategy in place for everyone from the executive suite to the front desk and back office, there will be a lot more fires to put out when an attack occurs. Cybersecurity is everyone’s business, not just IT’s.
- Immature risk assessment practices – How confident are you in your ability to spot and stop an attack? Knowing your risk can help to build your strategy. Performing an email security risk assessment and internal audit is the best way to understand the kinds of threats aimed at your organization.
- Budget focused on “getting new business”, not initiatives to protect the organization and its assets – When an attack does occur, you won’t have to worry about new business; you’ll be too focused on reaching out to current customers to discuss how their data was compromised. By putting budget toward security initiatives, you are investing in your sustainability in the event of an attack.
- Lack of understanding of how much can be lost in an email attack – Cybercriminals are after more than just money. Corporate data, intellectual property, employee credentials, and system lockdown can all be profitable to an attacker. You’d be looking at a lot more than just lost revenue and unplanned downtime.
- No Security or Risk Team to highlight potential issues – Cybersecurity should not be an afterthought; it needs constant focus and attention to be effective. Developing a cross-functional team that has a stake in the project’s outcome, has accountability, and can manage advanced security training for the organization is paramount.
- No support from executives to push for robust security – All departments at all levels need to be engaged. Top-level management may be at increased risk of having their privileged credentials compromised. Everyone needs to be on board.
Can your organization risk business disruption, unplanned downtime, diminished productivity, data loss, compliance violations (and their respective fines, think HIPAA and GDPR) and brand erosion? If you answered “No,” then it’s time to start thinking about your plan for cyber resilience for email.