10 minute read
THE LONG HAUL
SANJA HORYLOVA, SALES DIRECTOR, ASBIS MIDDLE EAST, INSPIRES CUSTOMERS AND CHANNEL PARTNERS TO ADAPT, SCALE AND STRIVE FOR EXCELLENCE TO GUARANTEE LONG-TERM OPERATIONS EVEN DURING A CRISIS.
Many organisations across verticals were greatly impacted in the wake of the ongoing pandemic. While some businesses accepted the negative impacts and dwelled on discussions inclined towards doom and gloom, others, such as regional distribution giant ASBIS Middle East focused on alternative growth initiatives and how to make the best of the situation. By adapting to the evolving business landscape, ASBIS was able to sustain and grow its operations.
Advertisement
Sanja Horylova, Sales Director,
ASBIS Middle East, says, “It was certainly a difficult time, however as a distributor with more than two decades of regional experience, we have stood the test of time and proven our reliability to our customers and partners. Over the past few months, we decided to evaluate our systems, work processes and communications to see how we could optimise them.”
According to Horylova, it has also been a time to reflect and learn.
While we are not out of the woods yet, businesses must support one another to continue growing despite challenges.
“One of the most important lessons that resulted from the COVID-19 pandemic is to treat people with respect no matter what. Whether it is your employees, partners, or customers, it is important to understand where they come from and treat them humanely without passing judgments.”
She explains that the second lesson the organisation has embraced during this time is around communications – how it is done, with whom and for how long. It is important to regularly engage with stakeholders for successful long-lasting relationships.
“We invited our partners and systems integrators to be open and honest about their challenges during the lockdown. We made it a point to understand their situation. This way we identified the best way to support them. They appreciated the open communication and thereby strengthened their trust in us.”
ASBIS also went the extra mile to introduce new impactful communication tools and invested in training their workforce to be equipped to work in the digital era.
“We are able to undertake a lot more tasks by effectively managing time and being focused. Every company is responsible for training its employees and help them to upskill continuously. This way it not only motivates the individual but also enables the company to expand.”
The third lesson that has been reinforced by the current situation is that innovation must be an integral part of every firm’s ethos. The distributor was conscious of letting their end-users know that even during these challenging times, the company’s operations hadn’t come to a complete standstill.
“It had only modified and then transformed – which is a natural process of evolution,” notes Horylova.
ASBIS organised many webinars and hosted open seminars to offer end customers detailed information and help them be aware on how innovative technologies that the company housed could enable them to make the transition to digital environments seamlessly.
“We have learned to be more accessible to our partners and we’ve also proven that whatever our customers require, we’ll be present to fulfil those demands.”
At the moment, the market is vulnerable economically, according to Horylova; however, she expects it to be in a recovery mode over the next few months. “This will happen in different phases for different verticals.”
ASBIS is closely monitoring the market trends and economic developments to continue to be the partner of choice for customers as
they get accustomed to operating in the new normal.
“We aim to take the way we work and communicate to new levels. Customers will require a partner who can guide and offer solutions to help them make the necessary upgrades in this evolving work environments. We will continue to expand our portfolio to cater to these demands.”
Horylova attributes the company’s vision, integrity and deep market knowledge as factors that have helped ASBIS to stay resilient and grow its business over the past 20 plus years in the region.
“We know we can deliver despite market circumstances and customers can rely on us because of the integrity we have in everything we do as a company. No matter what the situation is, there is always room for innovation, and this is something we follow at ASBIS,” she says.
Over the coming quarters, we will see the regional distributor doubling down efforts on training channel partners and end-users to be more efficient in the new normal with novel cloud-based technologies. ASBIS will also focus on cybersecurity solutions as this is the need of the hour.
She adds, “I believe customers can be successful in today’s business landscape, only be embracing as much technology as possible. They have to prioritize and invest in digital transformation efforts
seriously. Channel partners must realize that they are a crucial part of the supply chain and invest in skillsets and innovation. ASBIS is here to stay, and our 20-yearlegacy proves that. We encourage customers and partners to reach out to us and converse with our highly proficient team to understand how together we can shape the future of the regional technological landscape.”
HOW TO PREVENT INSIDER THREATS
RENÉE TARUN – DEPUTY CISO AND VICE PRESIDENT INFORMATION SECURITY AT FORTINET, ON THE NEED TO BUILD A HUMAN FIREWALL TO ADDRESS INSIDER THREATS
During the first half of 2020, the FortiGuard Labs team found that evolving work environments and a greater reliance on personal devices presented new opportunities for cybercriminals to exploit enterprise networks. One method that threat actors have heavily relied on as of late is the creation of legitimate-looking phishing emails that can be used to tailor and launch attacks with ease. While this is not a new tactic by any means, these types of social engineering attacks have only grown more sophisticated and damaging as employees continue to work remotely and remain isolated from their teams.
Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data they hold. Considering that 68% of organisations feel moderate to extremely vulnerable to insider attacks, as noted in a recent study, it’s clear just how significant this issue is. In addition to those that are considered malicious insiders, these threats can also be attributed to the group known as the “accidental insiders.” According to this same study, security teams view falling victim to phishing attacks (38%) as the top cause for accidental insider threats, followed by spear phishing (21%), poor passwords (16%), and browsing of suspicious websites (7%). In other words, opening the door for cybercriminals can be as simple as clicking on a link or downloading a file without taking the time to determine whether or not it is legitimate.
Careless and negligent behaviours can have a lasting effect on organisations, especially in the case of a data breach. And with more employees working from home, unable to walk over to a coworker’s desk to get their thoughts on a suspicious-looking email, these individuals are more likely to be susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritise their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure, and reducing the insider threat risk.
Creating a Human Firewall Through a Culture of Security
Considering employees can be the best line of defense, it is crucial that CISOs protect their organisations by including employee education and awareness in their cybersecurity strategy. By embracing this technique, leaders can ensure the workforce is prepared to face the various threats.
Regardless of job titles or roles, all employees should understand the repercussions of a security event and how it could affect the organisation and them personally. The importance of this enterprise-wide strategic approach was highlighted in a 2019 Forbes Insights survey of over 200 CISOs. When asked
which security initiatives they plan to prioritise in terms of funding over the next five years, 16% of respondents noted the creation of a culture of security.
While this is a step in the right direction, establishing a baseline for good cyber hygiene must begin with CISOs helping their employees take cybersecurity seriously. This can be achieved in the following ways:
Prioritise Cyber Awareness Training
Social engineering attacks are extremely prevalent across organisations simply because they work. In fact, Verizon’s 2019 Data Breach Investigations Report (DBIR) found that approximately one-third of all data breaches involved phishing in one way or another. To combat this risk, CISOs must educate their employees about common attacks that could appear in the form of phishing, spear phishing, smishing, or other tech support scams. Whether these lessons are provided through online meeting spaces, video chat, or email, they should be prioritised. Understanding these threats and their associated red flags will be critical in helping employees avoid falling victim to fake emails or malicious websites.
In addition to teaching about common indicators of cyber scams (i.e., the promotion of “free” deals), these training offerings should also feature simulated phishing exercises designed to test knowledge and determine which employees might need more assistance. Through tactics such as these, employees will be better equipped to know when they are the target of a social engineering attack and can, therefore, act accordingly. Fortinet’s NSE Training Institute offers a free Information Security Awareness training service to educate employees about the increasing risks of cyberattacks and how to identify threats.
Create a Partnership Between the Security Team and Other Departments
Cybersecurity cannot fall on the shoulders of the security and IT teams alone, especially as cyber threats continue to grow more sophisticated and challenging to detect. In addition to ensuring that employees can identify phishing attacks, leaders should also encourage collaboration between the security team and other departments. This means helping both sides understand expectations. While the security team will be the expert in terms of determining the risk and threats, other departments will be critical in helping to develop user-friendly policies that are easy to follow both in the office and in remote work environments, even for those who are not entirely cyber aware.
Through collaborative efforts, CISOs can ensure that all individuals across the organisation are not only aware of security policies but also understand the impact their actions can have on the organisation as a whole. Helping employees understand safe cybersecurity practices and the ramifications their actions can have should lead to improvements in how these individuals respond when confronted with a suspicious email or website, even while working from home.
When employees know what is expected and feel like they are a part of the team, they are more encouraged to follow best practices and help chip away at the behaviors that cause accidental insider issues, such as forgetting to change default passwords or neglecting to use strong passwords. And as more employees follow suit, the human firewall acting as the first line of defense to the organisation will only grow stronger.
Establish Straightforward Best Practices
Even once employees are made aware of what to look for in the case of a social engineering attack, they may still need some guidance when it comes to next steps. While it is easy to ignore or delete a suspicious-looking email, what about those that appear normal that the receiver is still unsure about? In this scenario, CISOs should encourage employees to ask themselves certain questions to help make the right judgment call: Do I know the sender? Was I expecting this email? Is this email invoking a strong emotion like
excitement or fear? Am I being told to act with urgency?
While these questions should help clear up any confusion in regards to whether the email is malicious, the receiver should still take extra steps to protect themselves and their organzation. This includes hovering over links to see if they are legitimate before clicking, not opening unexpected attachments, calling the sender to verify they actually sent the email, and reporting all suspicious emails to the IT or security team. By explaining these steps to their employees from the beginning, CISOs can avoid negative repercussions down the line.
Final Thoughts on Insider Threats
The ability to be cyber aware is a critical piece of the puzzle when it comes to keeping organisations secure. Whether employees realise it or not, their actions could open the door for cybercriminals to access sensitive information, meaning passivity towards security is no longer acceptable.
By prioritising training and collaboration between departments and the security team, CISOs can lay the groundwork for a strong culture of security. Identifying suspicious behaviors, keeping devices up to date, and practicing safe cyber behavior should be built into the fabric of all job roles to ensure that the human firewall continues to stand firm.
