19 min

Suresh Chowdary, Nokia B2BiQ

    • Business News

During this digital summit panel, Suresh Chawdhary, head of security & privacy for Nokia, stresses the importance of a layered, multi-pronged cyber security approach to best protect against phishing and whaling. This layered defense mechanism moves away from a one-size-fits-all strategy, ensuring that everyone across the enterprise is well equipped to stay protected against threats.
Three Cyber Security Defense Layers To Consider

By baseline testing employees for their susceptibility to phishing, an enterprise gathers statistics and builds an actionable and measurable improvement plan. Even within this layer, different departments are responsible for different deliverables, which means that malware threats and other vulnerabilities affect separate industries, and divisions within an industry, to varying degrees. By customizing phishing tests, much like bad actors do, a holistic and accurate pattern emerges.

A second layer is targeted training sessions for employees, so that they understand what is expected of them, how to report phishing attempts properly, and how to avoid processing payments or sending sensitive personal information over email when such requests arrive.

A third approach targets key executives. Suresh warns that this can get tricky. Leadership team members are often global, meaning they travel frequently to meet customers and vendors or to participate in seminars and conferences. They also have a wide set of technologies at their disposal. With all these touchpoints, it is difficult for a CSO or an information security organization to keep executives informed of the varying degrees and types of risk. In this case, Suresh suggests relying on proactive, reactive, and detective controls to safeguard them. Because awareness alone doesn't cut it for these busy individuals, multifactor authentication mechanisms and email encryption are a must. For example, a two-factor mechanism for approving invoices received through email mitigates risk considerably.

Things To Consider When Developing A Cyber Security Plan

Finance and HR employees are particularly vulnerable due to their payment processing duties. An email spoofing the head of finance or the CEO may expertly convince an employee to urgently transfer money at the click of a button.
The possibility of getting that money back is nearly zero. Additionally, HR has a massive amount of sensitive data at their fingertips. Data is the new oil in the cyber crime industry. All it takes is one slip or a single lapse in judgment for a breach to expose personal data so sensitive—such as credit card and social security numbers—that it creates a lawsuit or enough bad press to devastate an organization.

Examining the big picture and important factors of an organization helps build a plan that fits the company in terms of cost, risk profiles, and the size of the organization. Considerations may include:
    • Cloud service encryption packages
    • Appropriate number of training sessions per year
    • Regulations and limitations of certain technologies across different geographies

A security plan isn't going to be the same across an organization. Still, certain baseline technologies build the foundation of security, namely an antivirus solution and a personal firewall for every employee across the globe. While email encryption is a nice-to-have for all employees, it is a must-have for people who are prone to whaling attacks, including the C-suite and leadership team. Other departments to keep in mind for customized control mechanisms are finance, HR, legal, procurement, and suppliers. It is important to have a combination of proactive and reactive controls when dealing with these hidden enemies.
Advanced Persistent Threats

The obvious goal of a phishing or whaling attempt is immediate financial gain. However, an advanced persistent threat can do much more damage. In this scenario, a bad actor ga