The biggest cause of security failure is phishing.
Whether you are on-premise or in the cloud, your worst enemy is phishing.
It’s not how secure you ‘crown jewels’ are, it is how securely you are using them at each step!
It really doesn’t matter where your server is or your application is, whether on-premise or in the cloud, if authentication and authorisation information is in the hands of the hacker, it’s game over!
You could have a fortified $100 Million vault protecting your crown jewels, completely secure, but if the key is in enemy’s hands — you’re multiplying it by zero!
‘Multiplying by Zero’ is a mental model, when applied to cyber security, makes it imperative that your weakest link be identified and fixed first.
Gartner’s CARTA — Continuous Adaptive Risk and Trust Assessment
Gartner’s CARTA approach applied to the human layer is imperative for your security to stand ground. Why?
Layer 1: Humans
It is not enough to conduct once a quarter or once a year Security Awareness Training, or even once a month training, it has to be a continuous and adaptive process. Gamify it, randomise it, make it personalised — Now we’re talking! Users should not be able to differentiate between a gamified simulation or a real attack, and their behaviour should be uniform — Report it! If you can achieve this, that is the human layer taken care of.
You train, they learn, time passes, they forget!
Layer 2: Email
It is not enough to have security applied via a secure email gateway alone, because once the threat enters your assets (inbox), and gets weaponised post-delivery — it’s game over once again. ‘Post-Delivery Identification and Protection’ is crucial to winning the ‘battle of phishing’ to win the ‘war of security’.
The Swiss Cheese model of Email Security is crucial to deploy in the present times, given the emergence and weaponisation of new threats, and their implication for your organisation.
The ability and speed at which phishing threats are mitigated are of prime importance. It’s not like newer forms and threats will not emerge, it is
Phishing continues to evolve, mitigation and speed of remediation are key.