In an interview with Michael Santacangelo that was published today in CSO, GreatHorn CEO Kevin O’Brien explains how to replace current approaches to combat phishing with strategies that improve security.

On why security awareness training is a failing strategy to combat phishing:

“Rather than trying to shame and then coach employees, IT leaders should look to create a frictionless information security strategy — one that is natively integrated into the workflows of ordinary users and that complements rather than conflicts with technology-centric security investments.”

On the distinction between compliance and effective security: 

“If you can show you were aware email was a problem and that you invested in security training for employees, then investigators can check those boxes. Meeting compliance doesn’t solve our cybersecurity problems — but for a CSO who is focused on risk reduction, it mitigates blame from the board. Ultimately, effectively securing the email attack surface requires a fundamental shift in the way that you think about mitigating risk.”

What will get us better results?

“We need to strip away all the buzzwords and ask this question: How do we create force multipliers in cybersecurity? The answer is automation. The threat surface is growing, and cybercriminals are becoming more sophisticated.  Through the use of automation tools, security leaders can help their teams more efficiently manage the overwhelming number of alerts and potential vulnerabilities they face on a daily basis. Programmatically remediating low-level threats enables staff to prioritize investigation of critical threats that require human judgement.”

Subscribe to the GreatHorn Blog

We'll email you when we publish new content, but we'll never spam you or share your information.