During his most recent visit to Dubai, Marc French, senior vice president and chief trust officer, Mimecast, sat down with Security Advisor ME and shared insights into why threat intelligence is the key to thwarting advanced cyber-attacks.
What was Mimecast’s primary focus at this year’s GISEC?
There are two key areas that we have highlighted at this year’s show – awareness and intelligence.
On the awareness side, we are showcasing Ataata, which is a security awareness training and cyber risk management platform that helps organisations combat information security breaches caused by employee mistakes. Today, almost all organisations have some semblance of a security awareness programme in place. However, what we found is that, as with any human condition, eventually, people forget. That’s why security awareness requires a continuous learning process to ensure that the organisation achieves an adequate defensive posture.
From an intelligence perspective, we have unveiled our new Threat Centre, which is engineered to combine email and web data to offer actionable threat insights to security professionals, helping to manage today’s evolving advanced threats. This adds to Mimecast’s robust suite of cyber resilience capabilities, including advanced security, continuity, archiving, web security and awareness training solutions.
A new study by Mimecast and Vanson Bourne found that 69 percent of UAE respondents felt that threat intelligence was extremely important for their organisation. Furthermore, 26 percent of email systems can’t consume and apply threat intelligence data to security systems.
The Threat Centre is designed to produce a wide variety of reports, including threat research on vulnerabilities, analysis on targeted malware, deeper insights on targeted threats hitting specific industries and quarterly Email Security Risk Assessments (ESRAs). This will allow us to provide customers with actionable insight that can be used to help them better manage and prioritise today’s evolving threats.
What advice would you give security leaders to help them keep the balance between security and productivity?
I’ve been on both sides of the spectrum. I’ve been a business leader as well as a security professional. I think where CISOs fail is when they don’t realise that their role is aimed to support the business and not to be the security police.
This is the case 99.9 percent of the time. Most CISOs take a full-on FUD approach – fear, uncertainty, and doubt. They tend to overprescribe the organisation, which then hinders productivity.
Another mistake that most CISOs commit is taking all the responsibility for security. While to some extent this is expected, as a CISO your main role is to lead and advise, and not run all security mechanisms. This is where awareness comes in. It’s the force multiplier that will enable you to become cyber resilient.
What kinds of skills do you think future CISOs need to acquire to combat the next generation of cyber threats?
I mentor a few up-and-coming CISOs, and one piece of advice I often give is for them to take a job that’s not related to security for at least a year or two. I think doing this will enable them to gain a perspective that will help them to be successful later in their careers. If aspiring CISOs spend their whole careers in the security field, once they reach an executive rank they might find it difficult to be objective and make the decisions that align with the goals of the business.