Flavio Aggio, CISO at the World Health Organization, has had a difficult year. Since the onset of the COVID-19 pandemic, the WHO has become a prime target for cybercriminals, and cyber attacks against the organization have skyrocketed.
He recently spoke at Cyber Week 2021 in Tel Aviv, and in this interview with Help Net Security, Aggio talks about the modern threat landscape and offers tips for organizations that want to improve their security posture.
Prior to joining WHO, you were the CTO of the City and County of San Francisco. How did your previous work experiences help you in your current CISO role?
Prior to joining the World Health Organization, I was the CTO at the City and County of San Francisco, where I developed technology solutions to modernize and protect the city. Before that, I held technical leadership positions in Enterprise Architecture, Project Management, Telecommunications, and IT operations with Unisys, ASML, Dow Chemical, and Rohm & Haas.
These experiences confirmed cybersecurity is an ever-evolving, changing, and challenging field, and they helped me to understand how people, process, and technology are the key elements in digital transformations and risk management. Cybersecurity must be part of every solution from development to operations.
Since the start of the COVID-19 pandemic, the WHO has become a huge target for cybercriminals. How has your team adapted to a significant increase in cyber attacks? Are related organizations looking to you for guidance?
Since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number and complexity of cyberattacks directed at its staff, and email scams targeting the public at large. My team has worked with the private sector to establish more robust cybersecurity systems, to strengthen security measures, and to train staff on cybersecurity risks.
Cybersecurity collaboration with related organizations increased dramatically due to the increase in the number and complexity of cyberattacks. There is a lot of guidance exchanged, helping organizations to be more prepared.
One example of guidance received by WHO is the implementation of DMARC (Domain-based Message Authentication, Reporting and Conformance) to reduce the number of email impersonations. After the implementation of DMARC, my team is giving the same DMARC guidance to other organizations. Another example of guidance given by my team is the monthly phishing exercise methodology adopted at WHO.
Pandemic-related phishing attacks and disinformation campaigns continue to create trouble. What advice would you give to organizations that are considering security awareness programs but are unsure about what they need?
Phishing attacks have been widely used by cybercriminals as the main doors into organizations. Attackers can easily manipulate people into clicking links or opening files. By running a cybersecurity awareness campaign with constant phishing exercises, any organization can prepare itself to deal with this type of attack, as any preventive technology can eventually be bypassed. Having email phishing prevention technology is a must, but it is not sufficient to stop phishing attacks. A cybersecurity awareness campaign is essential.
When you look at the threat landscape in general, what are you most worried about? How do you expect current threats to evolve? What will, most likely, be a huge problem a few years down the road? How can CISOs prepare for the unknown?
I'm most worried about organizations relying only on technology to be cyber safe. Cybercriminals will always find ways to trick people into bypassing the technologies and processes implemented by organizations. It's essential for organizations to adopt a holistic approach by including people, process, and technology in their cybersecurity programs.
By relying solely on technology and digital transformation efforts, organizations will not understand cyber risks well, and may be impacted by AI, supply chain, and other types of cyberattacks.
CISOs must introduce zero-trust principles in their organizations, so any solution must always be able to never trust any user or device until they are properly authenticated. Identity is the new perimeter.
Security leaders must make multi-factor authentication mandatory and have additional identity verification measures to ensure only approved devices can access the organization's systems.