[BE] Midmarket CIO Blog

Email Intrusion and User Security Training


Author and political theorist Edmund Burke said, “Better be despised for too anxious apprehensions, than ruined by too confident security.”

End user education and security training is pinging on the radars of technology leaders across the Boardroom Events community this month, and even the toughest network firewalls and virus protection services are challenged by the hackers and attackers that lurk in the shadows.

Over half the technology executives attending the Spring 2016 Midmarket CIO Forum in Orlando reported having dedicated budget for data and information security initiatives this year. However, with so many providers in the space, even with dedicated budget, all were still searching for the right solution to support existing infrastructure in their organizations.

Lester Hightower, VP and CIO, at Florida East Coast Railway, attended Midmarket CIO Forum two years ago in Florida where he was first introduced to Mimecast’s cloud-based email security, archiving and continuity platform.

For Hightower, a ransom ware attack earlier this year prompted the release of nearly triple his original budget request to defend FECR against future malicious email infiltration. Alongside the Mimecast implementation three months later, Hightower engaged OpenDNS (recently acquired by Cisco) to further expand threat protection.

Weekly vulnerability reports to his desk were averaging 20 to 25 possible incidents per week, but Hightower said the first three weeks of March yielded zero vulnerabilities.

Jeff Young, VP and CIO at Haynes International, has ramped up his email security focus following a recent early morning email intrusion from a web browser on the manufacturing floor.

After his tasks were completed, a shift supervisor looking to build his own garage clicked on a website that enabled a crypto virus onto the network. Even with Symantec software fully up to date across the company, Young said he questioned whether the anti-virus protection provider is living up to it’s promises.

Carbon Black (formerly Bit9), Comodo, Cylance and Bromium are all currently contenders in consideration to help further fortress Haynes International against future viral intrusions.

Wally Whitley of Bishop Lifting, a manufacturer supporting North American rigging and crane applications around the world, recommended Kaspersky as part of the midmarket IT arsenal against email threats.

A recent internal phishing test distributed by his team to users across the company helped raise awareness, Whitley said, but it only took one staff member at a branch location to open a PDF attachment from an existing customer to trigger a red flag from Kaspersky.

Whitley is among a host of CIOs we’ve heard recently point to security awareness training provider KnowBe4 for end user training, but security experts contend this line of defense is only a tip of the iceberg.

Other IT leaders in the Midmarket CIO Forum community also report using Malwarebytes and Zscaler on top of existing end point protection plans priced appropriately for midmarket companies.

Austin | October 15 - 17, 2017

Blair Shiver
Blair Shiver
Blair is a communications specialist with 15 years experience in the print media sector. Prior to joining Boardroom Events, she was a member of an accomplished sales team in the New York City real estate market. Much of her spare time is spent working with local and regional non-profits to help underserved children and promote sustainable development.​
Recommended Posts