Mimecast Secures the Future: Cyber Threat & Brand Protection

Carl Wearn, Head of Threat Intelligence Analysis and Future Ops, Mimecast, shares his expert insight on cyber threat & brand protection with Cyber Magazine

Carl Wearn is the Head of Threat Intelligence Analysis and Future Ops at Mimecast, where he provides threat intelligence focused on email threats blocked by Mimecast. Carl’s work adds a wider context for organisations that face attacks – he helps them understand who is targeting them and why. 

Prior to Mimecast, Carl worked as a UK Police officer in London for 24 years, specialising in antisocial behaviour and court applications before moving into the Metropolitan Police’s Falcon fraud and cybercrime command in 2014. This work also included the specialist investigation of high value cyber related fraud and management of the commands tasking process. He has a BSc (Hons) in Policing and a Postgraduate Certificate in Leadership & Management.

He sat down with Cyber Magazine to explore cyber threats and brand protection.

What does the threat landscape right now in 2024 look like?

Mimecast experienced its highest ever volume of detections in January 2024, with 249 million detections across our various products. This surpasses the previous high of 225 million, which we saw at the advent of the Russo-Ukraine war in March 2022. 

We are seeing an increasing volume of malicious threats, and this is combined with novel attempts to circumvent detection, such as exploiting the use of QR codes, images, and an increasing proliferation and complexity of phishing attempts.

What steps can an organisation take to stay secure and prevent compromise?

Threats are multi-faceted and unlikely to reduce in complexity. The core of an effective defence is to implement effective processes, procedures, and solutions to mitigate specific risks at various layers. In its simplest terms, the importance of cyber hygiene can never be overstated. Adherence to best practice in relation to hygiene, such as password use, private networks, and security, including mandatory usage of multifactor authentication whenever available, should be seen as critical to any baseline.  Part of this approach would be frequent and relevant awareness training across organisations to ensure that any malicious activity employees experience can be recognised quickly. 

 

Enhancing security measures following breaches is crucial to mitigate future risks, as trespassers gaining familiarity with the network's infrastructure or premises could pose recurring threats. A layered approach to cybersecurity resilience is essential for organisations to effectively defend against and mitigate physical access breaches.

What impact will AI have on the threat organisations face?

AI’s immediate impact will be experienced through more convincing phishing messaging and potentially the enhanced volume of threat campaigns. 

Beyond this short-term threat, actors will be able to accelerate their output with the help of AI, and this will likely speed up the cycle of malware development and use. This doesn’t change the fundamental nature or way that Mimecast or other security companies work, organisations will remain focussed on identifying and detecting new threats and ensuring customers continue to remain protected. 

Additionally, we’ll see organisations maintaining their focus on implementing new products and innovative solutions to help stay one step ahead of the evolving threat landscape.

How much of the responsibility does a business bear in ensuring consumer confidence? 

Cybercriminals are increasingly looking to take advantage of the trust and confidence people have in prominent brands to trick them into sharing personal information. Mimecast research in 2021 found that 73% of UK consumers said it’s the brand’s responsibility to protect itself from fake versions of its website and 62% said it’s the brand’s responsibility to protect itself from email impersonation. Brands must listen to consumer concerns and do more to prevent their brand being exploited, or they risk losing customers when they fall victim to scams such as brand impersonation attacks.

What steps can organisations take to prevent brand impersonation?

To prevent this, organisations can use technology such as Domain-based Message Authentication, Reporting and Conformance (DMARC), which allows brands with an online presence to detect and reject any unauthorised sender who attempts to use a brand’s email domain.

Organisations should take additional steps to proactively protect their brand by searching for entities or individual’s seeking to exploit their reputation. 

Online imitation of a brand can lead to an immediate short-term significant loss of trust in that business, as well as holding the potential to cause more significant long-term reputational damage and loss. This also applies to Government departments and agencies and police services, as they are as vulnerable to negative reputational damage (arguably more so) as other organisations. 

**************

Make sure you check out the latest industry news and insights at Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Cyber Magazine is a BizClik brand 

*************

Share

Featured Articles

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

OpenText’s move to buy Pillr, a Managed Detection and Response platform from Novacoast, highlights how it is continuing its strategy of acquisitions

Zoom Prepares for Quantum World with Post-Quantum Encryption

Zoom is preparing for the advent of the quantum-computing world with post-quantum end-to-end encryption that can resist hacks trying to decrypt its data

Tenable: Security Expertise Gap Threatening Cloud Expansion

A Tenable report shows how despite a majority of companies wanting to expand their cloud, many don't believe they have the security to safely do so

Why CISOs Remain Crucial in the Age of Rampant Ransomware

Cyber Security

Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

Cyber Security

How Partnerships Proved Pivotal for UnitedHealth After Hack

Data Breaches