How can people keep their personal data secure?

Ciaran Rafferty, Managing Director, Email Security, HelpSystems, spoke to Cyber Magazine about securing data and tackling identity theft

Can you tell me about HelpSystems? 

HelpSystems is a software company with a unique and comprehensive suite of cyber security solutions and services that help customers detect and mitigate against an ever-growing number of cyber threats. 

We provide cyber security solutions for Data Protection, Email Security, Digital Risk Protection, Secure File Transfer, Vulnerability Management, Adversary Simulation, and Red Teaming. The solutions are built for hybrid IT environments that operate both on-premise and in cloud-based infrastructures. 

Additionally, HelpSystems provides a range of managed services including Managed Detection and Response, Managed Data Loss Prevention, and Managed Digital Risk Protection, as well as Security Awareness Training. 

The HelpSystems portfolio includes well-known leaders in the cyber security field, including: Agari, Alert Logic, Boldon James, Beyond Security, Clearswift, Cobalt Strike, Core Security, Digital Defense, Digital Guardian, GoAnywhere, Globalscape, PhishLabs, Terranova Security, Titus, and Tripwire. 

What is your role and responsibilities at the company? 

I joined HelpSystems in December 2019, when the company acquired Clearswift, a leading provider of data loss prevention solutions for email, web, and the cloud. In May 2021, HelpSystems also acquired Agari, a business offering unrivalled protection against email-based fraud. 

Working together, these solutions can help secure critical data and protect organisations from a wide range of email-based threats, including phishing and business email compromise attacks. I head up the HelpSystems email security business unit responsible for ensuring that worldwide cyber security customers benefit from our combined solution expertise.  

With a rise in phishing attacks, how can people keep their data secure? 

Throughout 2021, threat actors relied on a variety of attack vectors to carry out their campaigns. While the year was witness to an increased presence of emerging threats, traditional phishing methods still commanded the majority of threats facing enterprises. In the latest Quarterly Threat Trends & Intelligent Report by HelpSystems, the number of voice phishing (vishing) cases increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022). 

To meet these challenges head on and to minimise the scope of threats targeting their infrastructure and data, organisations should build relationships with technology and service providers to broaden their lines of defence and put in place the following protections: 

Implement DMARC

DMARC will help defend against spam as well as attacks that attempt to use spoofed (imitated) addresses. 

Train staff to identify phishing attempts

Email training can drastically reduce the number of fraudulent emails opened, and work to consistently reduce exposure to email-based threats. Outside of standard educational content, organisations can test their staff with internal phishing campaigns that measure email open rates, link clicks, and responses. 

Turn on 2FA

Additionally, two factor authentication (2FA) provides an extra layer of protection that goes beyond login credentials. Even if credentials are stolen, 2FA prevents that information from being used to access systems without the owner’s consent. 

Finally, ensure you have a phishing response plan and remediation process in place for when an attack does occur. 

As the world becomes more connected and digital, is there an increasing concern around identity theft? 

Yes, this type of fraud is now incredibly far-reaching, costs the globe billions of pounds each year and can be very tough for victims to rectify. Personal data was compromised last year by a record number of breaches, which increased 68% from 2020, says the Identity Theft Research Center. According to Experian, fraud costs the UK economy £193 billion a year, with identity fraud being the single largest contributor.

But there are ways to protect against identity theft, such as signing up for credit monitoring, shredding important documents and making sure you don’t disclose personal information online. For example, if you’re unsure whether an email or phone call from your bank requesting information or payment is genuine, call the number on the back of your bank card and ask them for verification. Don’t call the number in the email or on the voice message, as it is likely to be fake. 

What do you see as being one of the top emerging cyber trends this year?

At RSA, there was much discussion about the Russian-Ukraine conflict and the impact it was having on cybersecurity, and how the industry must collaborate and share information in order to protect against an ever increasing number of cyber threats. 

There was also emphasis on how cyber risk is no longer limited to a manageable perimeter, but rather a growing interconnected network of assets far beyond the organisation's direct control. This expanding attack surface often presents softer targets for hackers to compromise and go undetected for long periods of time, a trend we’ll continue to see increase as the digital supply chain grows. 

In a recent survey of CISOs, 52% agreed that since the COVID pandemic, cyber threats have become fiercer and 64% say a breach that exposes sensitive customer data is their top fear. With cybercriminals employing more sophisticated tactics in order to steal valuable data, the emphasis on keeping it secure has never been greater. Therefore, it’s critical for businesses to put adequate security measures in place, protecting data throughout its journey and controlling and monitoring access even when it has left the organisation. 

What can we expect from HelpSystems in 2022? 

HelpSystems will continue to focus within data security and infrastructure protection both from a product and managed services perspective. We’ll continue to look for opportunities to add more capabilities within these categories and also enhance the compatibility and interoperability between existing product lines. We’ve already released bundled offerings for phishing protection, secure file transfer with rights management, and vulnerability management and red teaming to meet customer requirements, and we’ll continue to work with customers to help them solve their cybersecurity challenges 


Featured Articles

Worldwide IT Outage Not Cyber Attack - But Software Update

The global IT outage that is being described as one of the biggest ever is thankfully not being attributed to a cyber attack, but rather a software update

Companies Across Cyber Sphere Warn of Surge in DDoS attacks

DDoS attacks have over doubled in a year, with multiple reports highlighting how political instability around the globe could be behind it

UK Takes Steps to Strengthen Country's Cyber Security

The new government have made cybersecurity one of their top priorities as they lay out their plans for what they intend to do in power

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

Operational Security

Irdeto’s Andrew Bunten Talks Securing Online Content Streams

Network Security

Fortinet Cyber Survey Shows Global Scope of Skills Gap

Operational Security