August 14, 2018
Finn Partners’ Clients Weigh in on the Challenges and Solutions at Hand
Organizations are continuing to suffer from an onslaught of cybersecurity breaches in 2018 with no clear end in sight.
It’s a cat and mouse game between bad actors and the rest of us, and the bad guys have the upper hand, especially when it comes to employees taking proper safeguards, per Finn Partners’ recent research report. With cyber hacks a daily occurrence, are we becoming desensitized to breaches as a society and just not incorporating the proper measures, even if they are readily available to us?
We asked our own cybersecurity clients for their thoughts on the state of the security industry today. Here’s what they had to say.
Karen Reynolds, vice president of corporate communications at identity and access management leader Centrify said, “I am so close to the facts, headlines and discussion that I have no problem adhering to company security guidelines. The only time it gets tricky is when we need to ask for privilege elevation on accounts like Twitter, Salesforce and the like. My advice is we need to get used to this being the new normal. The spend is growing tremendously, but the hackers are still out-hacking the security providers’ solutions.”
Reynolds added that on a personal level, she’s seen a huge increase in voice calls from scammers posing as the U.S. Treasury, telling her this is their ‘last’ communication before she is arrested for tax fraud. She also frequently receives emails, supposedly from large brand-name banks – many that she doesn’t even have accounts with – saying her account has been suspended and she needs to call right now to clear up.
“My thought on hygiene remains the same. If it sounds fake, it probably is,” said Reynolds. “If you don’t know a number, don’t pick up.”
Jill Richards, head of marketing at mobile security leader Appthority, added her perspective from a mobile point of view. She noted, “The struggle is real. It is tempting to have more apps on our phones than we regularly use, and to give extensive permissions to these apps to access our devices and data. We hear each day about breaches, but don't always make the connection between our everyday actions – where we get our apps, along with what data we are willing to share – and those larger breach events.”
Richards said that enterprise customers can struggle with an overwhelming amount of fear-based threat information. Even security teams have trouble distilling real risks from the false-positive and potential threat noise. Often this is due to a lack of tools, or tools that see only pieces of the threat landscape rather than working in concert to provide more context and a better risk picture.
“Cyber fatigue can be a struggle,” said Richards. “The market is oversaturated with news, risks, threats, and solutions, and it can be hard to get an expert point of view in front of security teams at the right time and in a credible way for them.”
She added, “The way we approach all of these cyber fatigue issues is to deliver a consistent contextual message about mobile security risks. Our perspective is that mobile apps are the fastest growing, biggest source of risk for mobile enterprises. They are also the best place to stop risk before it becomes a bigger risk for users and companies.”
Keith Do, marketing project manager at RedSeal, agreed that cyber fatigue can be a challenge. He said, “It’s definitely a threat to business because it’s asking often-overworked people to care about something else. People can get tunnel vision, and sometimes even lazy – which is counter to proper cyber hygiene.”
He noted that tech has helped. For example, RedSeal has mandatory on-demand security training. The company also uses an email management vendor that filters out emails and automated backup and daily virus scans. However, he cautioned, “If you have too many hoops to jump through, your workflow can come to a screeching halt, so there needs to be a balance. I think incremental exposure and rollouts to new processes is fine. Eventually, people will tolerate them.”
Erica Vener, senior director of marketing at RedSeal, shared the following tips to help keep employees focused:
- Share any particularly sneaky phishing emails that come into the company with employees so they know what to look for.
- If anyone clicked on a phishing email with bad results -- share the email AND the results (without naming names).
- Notify employees that IT will send out a test phishing email, and then – after you do it -- see who still clicks on it and ensure they get a remedial course.
- Share stories of the latest threat tactics so employees know what to look out for.
You May Also Like