April 25, 2017
What does cyber resilience mean to you? The answer will surely vary across industries. And, to some, the term might not mean anything at all. In fact, according to new research from Vanson Bourne, not enough organizations are making cyber resilience planning a priority.
Only 30 percent have already adopted a cyber resilience strategy, with about one-third still in the early stages of development or planning. Too many organizations are leaving themselves unprepared for the unknown, and it doesn’t have to be this way.
Organizations of all sizes need a cyber resilience strategy; no exceptions. Yes, security is critical, but not the only piece of the cyber resilience equation. Multi-purpose data archiving, business continuity and the ability to empower the end-user should also have equal consideration. This holistic approach to IT management is what we call cyber resilience, and this is core to our business and how we interact with our customers.
Cyber resilience resonates throughout everything we do at Mimecast – it’s engrained in our internal and external philosophy. But, we wanted to find out how other industry thought leaders are thinking about cyber resilience, and how they are applying it to their own business models. So, we took the great opportunity to tap into the powerful mindshare at RSA Conference 2017 by hosting the first-ever ‘Cyber Resilience Think Tank’ at the San Francisco NASDAQ Center. Insights from the event were captured in a Cyber Resilience Report released today from Cybersecurity Ventures.
I had the pleasure of leading this think tank discussion, which was made up of almost two-dozen leaders in the cybersecurity industry, and moderated by Ari Schwartz, Venable CEO and former member of the White House National Security Council. The impressive caliber of Think Tank participants – which ranged from Malcolm Harkins, chief security and trust officer of Cylance Inc., to Helen Rabe, head of information security for UK-based Costa Coffee – validates that cyber resilience is a hot-button issue that organizations of all sizes and across all industries should care about – and plan for.
The Think Tank attendees validated our approach to cyber resilience planning. It starts with the understanding that security alone simply isn’t enough. And it ends with a comprehensive plan to manage IT, and hopefully, a philosophy that helps drive your business and customer relationships.
Now, more than ever, organizations need a broad approach to cyber resilience planning, and they can’t expect to do it alone. Industry leaders need to continue to push cyber resilience and provide actionable insights and prescriptive advice to drive towards a more cyber resilient future.
Think Tank contributors included:
- Matt Crouse, Director, Information Security & Compliance, Lucky Brand, LLC
- Joe Gajdosik, Director of IT Security, Curtiss-Wright Corporation
- Jason Gunnoe, Chief Information Security Officer, Bridgestone Tires
- Cathy Hammond, Chief Security Architect, Teleflex
- Jim Hansen, COO, PhishMe
- Gary Hayslip, Chief Information Security Officer, City of San Diego
- Ed Jennings, COO, Mimecast
- Joel Lowe, Head of Information Security, Sonic Automotive
- Neil Murray, Chief Technology Officer, Mimecast
- Phil Owen, Global Head of Information Security, IHS Markit
- Helen Rabe, Head of Information Security, Costa Coffee
- Brian Reed, Chief Product Officer, ZeroFox
- John Sapp Jr., Director, IT Security & Controls, Information Security Officer, Orthofix, Inc.
- Ari Schwartz, Managing Director of Cybersecurity Services, Think Tank Moderator, Venable, LLC
- Maurice Stebila, IT Security, Compliance & Privacy Office, Harman International Industries
- Chris Wysopal, CTO & Co-Founder, Veracode
February 28, 2017
Our promise to the industry was to engage, educate and provide valuable insight into major cybersecurity issues facing organizations around the world.
Here is a small recap of what happened at RSA Conference, so you can feel like you were able to attend:
Moment 1: ‘Cyber Resilience Think Tank’ at the San Francisco NASDAQ Center
The Mimecast team hosted a great event at the San Francisco NASDAQ Center for an early morning ‘Think Tank’ led by Mimecast’s CTO, Neil Murray, and moderated by Venable’s CEO, Ari Schwartz. Security thought leaders from various industries joined in one room to network and share the challenges organizations face today with cyber resilience. As organizations work to adopt a more cyber resilient strategy, there was consensus among the peers in the room that the diversity of the attack must equal the diversity of the defense.
Moment 2: Dark Reading Interview with Bob Adams
Lights, camera, action! What a moment for our very own senior cybersecurity strategist, Bob Adams, who was in front of the camera for an interview with Dark Reading. Bob highlighted the latest security gaps with internal email and the proposed solution, which Mimecast launched at the start of the show. He also discussed how to gain valuable insight into the attacks being missed by many incumbent email security solutions.
Moment 3: Live Hacks at the Mimecast Booth
Full house, no problem. Security experts Bob Adams, Julian Martin, and Matthew Gardiner demonstrated onsite ‘LIVE HACKS.’ The gist of the hacks incorporated social engineering attacks, phishing attacks and the ease with which a hacker can use email as a primary hacking mechanism to own the target’s system, gain bank information and take over someone’s video camera without them knowing. You can view the live Periscope video below if you would like to take a look for yourself.
Moment 4: Insights into the latest Cyber Threat Plaguing email
Who doesn’t like working on solving problems with clients? At the event, we got to meet with many customers and new prospects. Thank you, to everyone who stopped by the booth. We were able to share the latest email security threats we see organizations face daily. This included 421 unknown malware threats, all of which were missed by a number of incumbent email security solutions. Check out a summary of these threats in our latest Email Security Risk Assessment infographic we had posted in the booth here.
November 29, 2016
Nowadays, no one is safe from being the target of a cyberattack, especially as more businesses move to the cloud: The U.S. SMB cloud computing and services market is expected to grow from $43 billion in 2015 to $55 billion in 2016.
This means that organizations across all industries globally have a lot to worry about when it comes to security, as ransomware, phishing and impersonation attacks are only becoming more sophisticated and damaging. But according to new data, small and mid-sized businesses are especially prime targets – they are hit by 62 percent of all cyberattacks, about 4,000 per day.
Cyberattackers will do anything they can to infiltrate your organization, even if it means playing dirty. Through tactics like social engineering, attackers identify their target. Then, they use email, almost always, as an entry point to steal data, employees’ personal identification information, tax documents, and cash – they can even hold your systems hostage and put productivity into lockdown.
What does all of this mean? For most businesses, cyberattacks can result in downtime, data loss and financial loss. However, medium enterprise businesses have a lot more to lose. The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their business over six months after a cyberattack. And, according to the Ponemon Institute, the average price for small businesses to clean up after they have been hacked stands at $690,000 – for midsized companies, it’s over $1 million.
Being a medium enterprise means you need a plan. Today, defending against insidious attacks requires a broader focus, beyond just security. You need a realistic approach to cyber resilience planning that spans security, data protection, business continuity and end-user empowerment. Medium enterprises are often high growth, increasingly complex and global. And, they don’t always have large IT or security teams, or budgets. This means they have high-level requirements without large enterprise money. That’s okay. With the right vendor, you don’t need enterprise-level resources or budget to implement an effective cyber resilience strategy.
If you want to keep your business running, you need to act now. The quickest, easiest and most effective way to start the process of becoming more cyber resilient is to focus on one of your organization’s most vulnerable links – your employees. Educate and empower your entire organization on good security practices. Teach employees to:
- Pay attention to things like requests for financial transfers, domain names, and website addresses.
- Think before they share too much information on social media. Cyberattackers troll sites like Facebook and LinkedIn for personal details and whereabouts.
- Never share credentials or click on suspicious links – even if the email looks like it is from a legitimate bank or financial institution.
Building out a cyber resilience strategy is no longer an option. In fact, whether or not you have a cyber resilience strategy in place could be the difference between life and death for medium enterprise businesses. Download this E-book to learn more about strengthening and empowering your employees. And, learn how Mimecast can help your business become more cyber resilient.