Cybersafety Connections October 2021 Vol #37
This week’s Cybersecurity highlights are from 4 Steps to Protect C-Suite from BEC .
- Preventing C-Suite from Business Email Compromise attack.
- Train C-Suite to recognize Business Email compromise.
- Put Technical Controls in place.
- Emphasize the need for C-Suite to set the example.
- Communicate BEC risk to C-Suite in Business Language.
- Preventing C-Suite from Business Email Compromise attack
Damage caused by business email compromise of the C-suite can run into millions causing financial as well as reputational damage because of the authority and financial privilege C-Suite has. The C-Suite has the top job in the company, most trusted with corporate secrets, confidential data, and their communication will most likely be read and followed.
Some of the challenges noted for the C-Suite is the rate at which the C-Suite change technology and also break the rules.
Ways to Help C-Suite Stay Safe ;
- Train C-Suite to recognize Business Email compromise
Training is key in recognizing business email compromise and the communication should be in a language understood by both technical and non-technical C-Suite. Timing of the training is important as well so C-Suite can have the time and attention needed.
- Put Technical Controls in place
While training C-Suite to identify things that look suspiciously like syntax, language, misplaced characters, urgent requests is the first line of defense, there is a need for controls behind the first line of defense. These controls include multifactor authentication over C-Suite email, a complementing control that would make it harder for the attacker to take over the email. The second control is a notification when someone gets a message that may be suspicious.
- Emphasize the need for C-Suite to set the example
C-Suite members are not regular employees, they are the most prominent employees and even though protected are not above the law. C-Suite should champion tone at the top in leading cyber security initiatives, to be an “example’ and not an “exception.” There needs to be sensitive handling of violations privately and in an appropriate manner to help the C-Suite stay secure.
- Communicate BEC risk to C-Suite in Business Language
The challenge here is the CIO and CISO have the job of explaining risk, threats, and vulnerabilities in business to C-Suite in such a manner and language that even a non-technical CEO can understand, translate into business risk and act on the CISO plans.
It involves being agile, learning, unlearning and re-learning.
Subscribe to get the latest post.