In our recent fireside chat, Forrester Principal Analyst for Security & Risk, Jess Burn, and our CTO, Steven Spadaccini, explored the dynamic and challenging world of business communication threats.
Recorded on November 9, 2023, this insightful discussion highlighted the evolving nature of email security threats and the importance of adapting defense strategies in the face of increasingly sophisticated attackers. Here’s a rundown of some of the best moments.
The Rise of AI in Cyber Attacks
We began the conversation by examining how attackers are now leveraging AI to craft more convincing phishing emails and potentially create deepfakes for voice-based attacks. This advanced use of technology signifies a shift in the tactics of threat actors, who are now employing social engineering with greater finesse and precision.
Extending Security Beyond Email
Jess raised a significant point about the evolving threats in business communication, emphasizing the need for organizations to broaden their security measures beyond traditional email. With the proliferation of messaging apps, collaboration platforms, and even SMS, it's crucial to integrate these channels into everyday security protocols. We discussed an alarming instance where Russian state-sponsored hackers exploited Microsoft Teams, posing as technical support to infiltrate organizations.
Addressing Resource Constraints in Security Teams
The discussion also shed light on the challenges faced by security teams, especially those with limited resources. Steven emphasized the necessity of equipping analysts with better tools to combat alert fatigue and improve threat detection and response capabilities. We proposed a blend of enhanced analyst experience and augmented staffing through managed services as a solution.
The Pandemic's Impact and the Future of Email
The COVID-19 pandemic's role in accelerating the use of diverse communication tools, and consequently increasing the threats in business communication, was another key topic. While acknowledging the potential decline in email usage with younger generations favoring instant communication, we asserted that email would continue to play a vital role in business communication.
Rethinking Security Awareness and Human Risk Management
A crucial takeaway from our chat was the need to revamp security awareness training, particularly focusing on the increasing threats in business communication, to manage human risk effectively. This involves conducting regular phishing tests, implementing safeguards against mistakes, and cultivating a culture where employees are encouraged to report suspicious activities. We also recommended adopting security measures like DMARC and moving away from SMS-based multi-factor authentication.
Challenges in Incident Response
Finally, our conversation highlighted how incident response is adapting to the diversified threats in business communication, in an era where communication channels are rapidly changing. We advised firms to enhance their teams' cloud security skills and collaborate with IR service providers. We stressed the importance of having a robust IR plan and involving legal counsel early in the response process.
Embracing Change for Enhanced Security
This fireside chat with Jess Burn and Steven Spadaccini offered a comprehensive overview of the current and emerging challenges in business communication security. Our insights underscore the necessity for organizations to evolve their defense strategies, focusing on advanced technology, expanded security measures, and effective human risk management. As the landscape of business communication continues to transform, we at SafeGuard Cyber are committed to staying ahead of these threats, ensuring organizational security and resilience for all of our customers.
