Mimecast November 2019

Page 1

TACKLING CYBERSECURITY IN A CONNECTED ECONOMY


02

tackling cybersecurity in a connected economy WRITTEN BY

OLLIE MULKERRINS PRODUCED BY

ANDREW STUBBINGS

NOVEMBER 2019


03

w w w.mi me c as t . com


MIMECAST

MIMECAST, A CYBER RESILIENCE INDUSTRY LEADER, EXPLAINS THE IMPORTANCE OF MAN AND MACHINE WORKING TOGETHER TO CREATE A ROBUST SECURITY NETWORK

M

imecast, founded in 2003, is an international cyber resilience company, with offices in the UK, US, South Africa, Australia, Europe

and the Middle East. Mimecast uses dispersed data centers, intelligent mail routing and robust cloud 04

security to provide a security network capable of managing over 35,000 customers and 296 billion email accounts, with a 100% uptime service. Mark O’Hare, Chief Information Security Officer at Mimecast was one of the first 25 employees to join the company when he came on board in 2008. This has given Mark a comprehensive understanding of the Mimecast’s inner workings and its position within a rapidly evolving industry. Speaking of the changes in the cyber security industry Mark says: “Organisations can no longer afford to be reactive when it comes to their cybersecurity posture. They need to become more proactive to survive the evolving threats they face. To do that you need that credible and actionable threat intelligence along with a detailed understanding of your vulnerabilities.”


05

The company has won a plethora of awards for its workplace environment, through an ethos of collaborative development and job satisfaction. This methodology extends out to Mimecast’s clients, where transparency, tailored experiences and a focus on the customer reinforces a trusting relationship. As Mark explains: “We have customer success managers and customer experience managers making sure our customers understand that we’re passionate about w w w.mi me c as t . com


MIMECAST

“ Organizations can’t be reactive anymore. You need to be more proactive” — Mark O’Hare, Chief Information Security Officer, Mimecast 06

their security and their well-being, and ensuring they get the most out of our product. After all, we’re building a product for them and not for us.” Mimecast has shifted from an email security-focused platform in its infancy, into a more robust cyber resilience platform. Today Mimecast’s platform takes on a much broader remit, supporting a wider range of customer security needs, such as Awareness Training, Web Security and Threat Intelligence through a single, trusted platform. Organizations that deploy multiple point solutions can often end up with over complicated and over engineered security environments. This leads to poorly implemented and managed services as they attempt to protect multiple facets of a company’s network through several disparate solutions. Complexity is the enemy of security. For Mimecast to achieve its goal of an accessible and reliable cyber resiliency focused product for its clients, it has had to keep simplicity in mind without compromising the platform’s ability to manage the diversifying needs of web-reliant businesses. According to Mark, cybersecurity


CLICK TO WATCH : ‘PRODUCT OVERVIEW: MIMECAST TARGETED THREAT PROTECTION – INTERNAL EMAIL PROTECT’ 07 can appear to be a “piecemeal, frag-

certain environments such as bank-

mented, complex and confusing

ing, manufacturing, health care, land

industry for many.” For that reason, he

insurance, to mention a few, simply

said, Mimecast understood the need

won’t work. Each industry and even

for “a longer-term focus on customer

each organization in each industry

efficiency, making our products easy to

have different requirements and we

deploy and manage, while still allowing

need to cater for all of them.”

for those organizations who require

This approach could not be deliv-

more complex controls to customize

ered by sheer manpower alone and

our product to suit their own unique

so new technologies have had to be

requirements.” Mark admits that no

implemented to cope with the growing

business is exactly the same, meaning

scale of demand. Machine learning

each has a unique risk acceptance

and AI analytics have had a hand

profile. For that reason, he says, “com-

in this, where a platform can moni-

ing in with a cookie cutter approach for

tor user behavior, learning trends in w w w.mi me c as t . com


MIMECAST

08

a way any one user approaches their

employees investigating incidents.

work. When there is a major deviation

“Technology has to evolve to keep

from these operational behaviors, the

up with far more complex and often

machine learning system can flag this

automated threats that we face these

up as a warning event, which can then

days. Traditional methods aren’t

be investigated more thoroughly. As the

enough anymore, we have to embrace

machine learning system gathers more

things like machine learning and AI to

information on the habits of its users it

keep up – essentially fighting threat

is able to make more accurate insights

automation with security automation,”

into what may, or may not, be a threat or

Mark explains.

a security incident, increasing efficiency

Mimecast also offers end user

exponentially and allowing organiza-

cybersecurity training and aware-

tions to scale their security defenses

ness helping organizations to reduce

without having to scale the number of

or eliminate human error. As human


E XE CU T I VE PRO FI LE

Mark O’Hare Mark is a well-seasoned and highly qualified Chief Information Security Officer (CISO) with over 20 years of experience in IT. His skill range is broad but includes Windows, Linux, Networking, Databases, Web Applications, Firewalls, SaaS, IaaS and many other information technologies. He specializes in the Cybersecurity field and has experience in Corporate IT, as well as Cloud-based SaaS environments, including in the challenging and exciting environment of leading the Cybersecurity team for a Cloud-based cybersecurity service. Mark has been involved in successful ISO 27001, ISO 27018, SOC2, HIPAA audits and has managed both the technical and policybased aspects of Mimecast’s security program since 2011. He has performed many risk assessments in line with ISO 27001 requirements and has the ability to identify and develop appropriate remediation plans for critical security risks to a business. He is able to communicate on a technical level with Developers and Technical Operations staff, as well as at a management and board level. This gives him the advantage of understanding the high-level security vision and requirements of a business along with the ability to translate and communicate those requirements effectively to the relevant technical and non-technical teams. Mark feels passionately that security needs to be an enabler in the business, rather than a blocker. Some of Mark’s current and previous certifications and training courses are — CISSP, GSEC, GCFA, MCSE, CCNA, CCSA, CCSE, ACSE, ACSA.

w w w.mi me c as t . com

09


error is the leading cause of security breaches, having highly cybersecurity conscious staff can drastically reduce risk to a business. Mimecast has a Cybersecurity Awareness Training solution that educates employees on the everyday cybersecurity risks employees will face and then importance of being cyber-diligent through highlighting the impact these risks expose organizations to. Mimecast’s Awareness Training modules are tailored toward making cybersecurity

REAL-TIME THREAT INTELLIGENCE POWERED BY MACHINE LEARNING. • Extend threat visibility with the largest breadth of external sources • Respond to alerts relevant to your business 10x faster • Seamlessly integrate with existing security solutions

LEARN MORE AT RECORDEDFUTURE.COM


“There’s a real challenge around educating new staff as they join the business, especially those that have not worked in an environment where cybersecurity training and awareness has been a focus”. An important part of the onboarding program is to let employees know what is expected of them,” says Mark. “The new user onboarding program should cover off the organization’s Acceptable Use Policy and include security awareness training and testing. Employees are often the last line of defense in your security chain, so it’s essential to focus awareness digestible and humorous so

on educating them and making sure

the target audience is engaged. The

they understand what’s at stake when

Mimecast platform also allows organi-

things go wrong.”

zations to test their user’s resilience to phishing attacks through simulated phishing testing campaigns. The platform takes several user behavior metrics into consideration and computes an overall organization risk score. Mark says, “it is great to see your organization’s risk score decreasing over time as your users become better at detecting and reporting phishing scams. This kind of information is also just what Executives and Boards want to see.”

“ Not every business is the same.Coming in with your cookie cutter approach won’t work” — Mark O’Hare, Chief Information Security Officer, Mimecast

w w w.mi me c as t . com

11


MIMECAST

12

The company’s focus on people

amount of time at work so in order to

does not stop there. As rising demand

retain top talent you need to keep them

for cybersecurity continues, so does

happy, enjoying their work and making

the challenge of recruiting good cyber-

them feel that they are part of a mean-

security talent. Mimecast is dedicated

ingful team executing meaning projects.”

to finding the best talent the industry

Also, by enabling its workforce to do

has to offer and fostering a long-term

their job through a thorough a portfolio

relationship through competitive pay

of approved business tools, a business

and job satisfaction. For Mark, it’s all

can ensure its employees are using

about “making sure your team feels

regulated and approved methods,

challenged and that they really enjoy

rather than bringing in external and

coming to work. We spend a significant

unapproved services to process and


13

store sensitive data. Mark explains,

of your data and how it’s protected”

“One of the most important things, as

says Mark.

your company and workforce grows,

Mimecast’s holistic approach to

is giving your users the appropriate

cybersecurity, using technology, threat

tools to get their job done. With so

intelligence and user education has

many SaaS based tools available, it is

led to the creation of a robust platform

now easy for users to leverage unsanc-

able to deal with each customer’s indi-

tioned applications and infrastructure.

vidual requirements.

Shadow IT becomes a major problem because these application have generally not been security approved and the organization ends up losing control w w w.mi me c as t . com


www.mimecast.com


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.