Light Dark
June 4, 2020 By Mark Stone 3 min read
Data Protection
Identity & Access

As the business world navigates the ups and downs of today’s economy, a mindset shift is required to maintain cyber resilience. Cybersecurity, often an afterthought in a strong economy, must not be neglected in responding to shifts in the business landscape.

As more companies expand their remote workforce, the number of endpoints with access to corporate resources is proliferating. Hackers are seizing the opportunities this presents: Phishing email click rates have risen from around 5 percent to over 40 percent in recent months, according to Forbes.

With a strong cybersecurity mindset and some strategic planning, your company can position itself to survive these new working conditions and build up even more cyber resilience as you adapt. Because cybersecurity professionals are facing formidable adversaries, understanding how hackers think can go a long way in mitigating the threat they pose.

An Unfair Advantage

Security expert Frank Abagnale is one of the foremost experts on the thought processes of threat actors, and he was kind enough to lend his expertise to this piece.

Since the number of successful phishing attacks has skyrocketed, I asked him if this is more a function of hackers stepping up their game, or employees not possessing the right cybersecurity mindset to pay attention.

“It’s both,” he explained. “Any crisis is a perfect backdrop to phishing attacks. At the same time, employees are in a new environment, working from home with more distractions than ever. Add to this stress, cabin fever and anxiety, and you have the perfect phishing storm.”

What makes bad actors so successful, according to experts, is that they take advantage of the human condition. And the human condition is less guarded by security layers today than it has been in quite some time.

“Any fear and anxiety gets people to do things they normally would not do,” said Abagnale.

Take It From the Top

So what can an enterprise do to swim against this foreboding tide? Abagnale insists that vigilance is the key.

“It’s the way to go in normal times and especially now,” he said. “If a link or email sounds too good to be true, it probably is. Don’t rush to fill forms and provide your information to anyone who claims to be the IRS” — or someone who can accelerate your tax return.

But employees can’t be expected to bear the full responsibility of security, or even to recognize established best practices in every scenario. If something is too confusing or complicated and employees don’t know much about it, failure can seem inevitable. Good cybersecurity must be taught in ways that are easy to understand and that include actionable takeaways.

“We must use this time to educate and keep employees alert,” Abagnale asserted. And today, the cybersecurity responsibility elevator operates with only one button and one destination: the C-suite. It therefore falls to chief information security officers (CISOs) and security practitioners to connect the dots and ensure their colleagues understand what they can do to help.

Modern Problems, Modern Solutions

As we continue working, could the altered landscape change Abagnale’s mindset around cybersecurity? Would most of his convictions hold?

“I have been talking and warning executives and companies for over four decades about what criminals do to exploit unsuspecting humans,” he explained. “I now live to see the full effect of it, in a time that is ripe for fraud and deceit. My convictions are more reinforced today than ever. I am more energized to help educate the public about cybercrime and how we move forward to a better and more secure internet.”

Abagnale firmly believes that we must elevate our systems to prepare for the future, and the first piece of advice he would give to any company and security practitioner is to stop using passwords.

“Once you take the secret away from the human user, they cannot give it to the crooks,” he said. “They will not fall prey to keyloggers. It’s time we move forward from a 1960s technology to the 21st century.” Now may just be the time to put into action what Abagnale has been suggesting for years, and the path to a passwordless world may be simpler than you think.

Of course, moving away from passwords is just one aspect of the mindset shift security experts must embrace to bolster their cyber resilience. Don’t just keep cybersecurity and cyber hygiene front of mind; take the opportunity to reevaluate the true efficacy of our fundamental assumptions about security. Drastic changes in the threat landscape will continue to develop as working norms are overhauled, and security measures devised for outdated threats likely won’t serve us in the future — or even the present.

 |  |  |  |  |  |  |  |  |  |  |  | 
Mark Stone

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature