THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX How to create a thriving business through email trust

FORWARD

“Today the role of the CISO is evolving rapidly. Gone are the days of the CISO as primarily a technologist and reactive fire fighter. In the current threat environment CISOs need to build relationships with other C-suite executives, positioning security as a business & financial risk area worthy of continuous board level attention, and advocating proactive investments to mitigate security risks before the bad news hits. Agari’s solution is a great example of this type of proactive investment. A quick security win which mitigates brand risk, protects customers from harm by email cyber-criminals, and positively impacts the top line.”

—Steve Katz

World’s first Chief Information Security Officer

Former CISO at Citigroup and JP Morgan

Owner, Security Risk Solutions

INTRODUCTION—THIS GUIDE IS FOR YOU

NEW CHALLENGES FOR THE

SECURITY EXECUTIVE

AGARI—YOUR STRATEGIC PARTNER

CONCLUSION

TABLE OF CONTENTS

1

3

5

8

Email delivers revenue to your business. It brings customers,

improves loyalty, and reduces customer acquisition costs.

Protecting company email is a critical security initiative.

Hundreds of companies are victimized by cyber criminals

every month through email scams, fraud, and phishing.The

cost to these companies reaches into the billions of dollars

and has a powerful effect on their brand reputation.

Agari understands the pressures you face as security

becomes even more important in your company. We also

know how important your specific technical and leadership

skills are to assessing and managing your changing business

environment. However, increasing importance placed on

information management, risk management, brand protection,

partner-relationship management, and other business

functions will move you further away from your technical

role and into the wider business spotlight.

“CISOs can play a significant role in transforming security from a set of technologies designed to protect business operations (which is inherently an internally focused approach) to cybersecurity as an important part of the organization’s overall value chain” 1

1 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

1 Forrester Research. “Twelve Recommendations for your Security Program in 2015.”

March 12, 2015.

MAKE BRAND PROTECTION

A CORE MISSION OF THE

SECURITY TEAM.

— Forrester Research 1

INTRODUCTION

THIS GUIDE IS FOR YOU1

The security executive function is evolving to include

business objectives related to privacy, centralized global

compliance responsibility, and mastering data analytics, data

retention, and even knowledge management—all revolving

around information risk management practices. Your position

will have newfound visibility and responsibility. You will be

asked to make security decisions to protect your company

and deliver positive ROI, profitability, and sustainability. You

and your company will both benefit as the focus of your role

moves from technology to exercising the business skills and

relationships necessary to truly add value to your company

and its customers.

The security executive position is evolving into that of a

business manager specializing in change management with

refined information security skills. These skills are necessary

to maintain efficient, reliable security processes for your

company, as a security breach can mean a loss of revenue and

may give your competition an advantage. A major security

breach is now considered to be one of the highest business

risks facing companies today.

Agari created this guide for you—the security champion.

We recognize that a critical part of the security executive’s

business acumen is having a secure, trusted email channel

as a core component of a company’s risk management strategy.

2 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

1 INTRODUCTION

THIS GUIDE IS FOR YOU

1

NEW CHALLENGES FOR THE SECURITY EXECUTIVE

With a strong, secure risk management system in place,

you’re able to deliver maximum value to stakeholders. But

tenacious cyber criminals still stand in your way, looking to

harness your brand recognition for their own personal gain.

Cyber criminals continue to abuse legitimate companies

through a combination of tactics ranging from forged and

spoofed emails, look-alike domains and phishing sites to

social media hacks, and brand jacking through fraudulent

and malicious mobile applications. Various technologies have

been developed to alleviate the widespread problem of email

phishing, but only a few solutions have warranted the time,

money, and effort to actually justify their implementation.

Cybercrime continues to escalate, frustrating businesses

and impacting their reputations, brands, and ultimately,

customers’ trust.

» Phishing increased 700% from 2008-2012—67% of those

attacks targeted financial and payment service companies.

(DMARC)

» Bad customer experiences cause decreases in both user trust

and activity. Over 42% are less likely to interact with a brand

after being phished or spoofed. (CloudMark)

» The Online Trust Alliance found that as much as 90% of

some companies’ emails are spoofed, yet only 26% of these

companies use any form of email authentication.

3 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

2

BAD CUSTOMER EXPERIENCES CAUSE DECREASES

IN BOTH USER TRUST AND ACTIVITY. OVER 42% ARE

LESS LIKELY TO INTERACT WITH A BRAND AFTER

BEING PHISHED OR SPOOFED. (CloudMark)

42%

» A successful attack on 500 customers can cost

a company up to $1.4 million (Cisco Systems)

» Email attacks are becoming increasingly sophisticated

making it more difficult to detect and prevent. In fact,

97% of people globally cannot identify a phishing email.

(Intel Security)

These threats aren’t just security concerns—they’re business

concerns. In fact, the number of business emails sent and

received per day will grow 13% annually over the next four

years to reach more than 143 billion by the end of 2016

(Radicati Group). You have the opportunity to convey these

threats to your company’s senior management and align

yourself with other leading security executives who are

solving these problems.

4 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

2

YOU HAVE THE OPPORTUNITY TO

CONVEY THESE THREATS TO YOUR

COMPANY’S SENIOR MANAGEMENT.

NEW CHALLENGES FOR THE SECURITY EXECUTIVE

As a security executive, you’ll benefit from having a strategic

partner like Agari that can add value from day one, and can

assist you in becoming the security expert your company

needs in this changing business environment.

Agari is the only enterprise-ready solution with a proven

record in the cyber-security industry for companies looking

to establish a trusted email channel. Agari will always prioritize

reducing risk within your email ecosystem. This facilitates

protecting your company’s brand and reputation, while

positively impacting revenue. Agari exclusively focuses on

solving the email security problem—and we nail it, which

makes us your perfect security partner.

A partnership with Agari can positively impact the relationships

the security executive has with the rest of the executive team–

supporting them in their areas of responsibility. Together with

Agari, you can help:

» CEOs concentrate on returning shareholder value by

driving business growth. By partnering with Agari, you can

create a trusted email channel that assists in developing more

meaningful, lasting customer relationships. Keeping your

company’s data, network and customers secure from attacks

will allow your CEO to stay focused on growing the business.

.

5 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

3 AGARI

YOUR STRATEGIC PARTNER

» CIOs conserve security resources. By working in tandem

with your CIO, you can ensure staff member time is leveraged

in the most efficient manner possible, by letting Agari manage

the security of your outbound email channel. That way, you

can redeploy resources to other important projects while

Agari works with you to provide accurate and actionable

intelligence to make your security team more effective.

» CMOs develop and implement successful marketing

campaigns to increase brand growth and brand equity.

Agari ensures that your marketing team is in charge of your

brand’s first impression to customers, not cyber criminals.

Understanding and communicating the benefits of a trusted

email channel with your CMO will empower them with the

knowledge that their marketing dollars are well spent. With

Agari Customer Protect, you will retain customers, increase

existing customers’ share of wallet, and be able to acquire

new customers at lower costs.

6 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

3 AGARI

YOUR STRATEGIC PARTNER

FOCUSING ON BRAND

PROTECTION WILL ALLOW

S&R PROFESSIONALS TO

GAIN THE SUPPORT OF THEIR

CHIEF MARKETING OFFICERS

(CMOS), RAISE THE PROFILE

OF THE SECURITY TEAM,

AND INCREASE THE FIRM’S

ATTENTION ON SECURITY

MEASURES THAT HELP AVOID

BRAND-DAMAGING EVENTS

SUCH AS DATA BREACHES,

SOCIAL MEDIA HACKS, AND

CYBER ESPIONAGE.— Forrester Research 2

2 Forrester Research. “Twelve Recommendations for your Security Program in 2015.”

March 12, 2015.

» CLOs minimize lawsuits and keep legal expenses down.

A strong understanding of compliance and government

regulations surrounding your industry will help you work

closely with your CLO to meet shared objectives. Agari

Customer Protect allows you to do more to proactively

protect your customers while minimizing potential risk

from lawsuits, in the wake of targeted cyber attacks

and data breaches.

» CFOs maintain a secure, consistent business environment,

which facilitates budget preservation. Agari can minimize

some of the unexpected costs that result from a targeted

attack or campaign that has damaged a company’s brand.

Some of these potential unexpected costs include: increase

in customer service spend, security triage, and public relations

fallout post-breach. Deployment of solutions such as Agari

can also reduce a company’s cyber insurance premiums.

7 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

3 AGARI

YOUR STRATEGIC PARTNER

Internally focused cyber defense is not enough...The standard security model needs to change from one of compliance—meeting basic standards for data protection—to one that engenders trust among the customer base. Protecting customers, their data, and their experience should be the security function’s No. 1 priority.3

Your career path and job requirements are evolving and will

look very different in the near future. Opportunities abound

for the security executive who is willing to be a business leader.

You have the skills and expertise to take advantage of them by

adding unprecedented value for your company.

Learn more about how Agari Customer Protect has partnered

with other security executives at Fortune 500 companies here.

8 THE SECURITY EXECUTIVE’S GUIDE TO A SECURE INBOX

CONCLUSION4

3 Forrester Research. “CISOs Need To Add Customer Obsession To Their Job Description.”

September 4, 2015.

LEARN MORE

North America +1 (650) 627 7667

Europe +44 (0)20 8973 2600

www.agari.com • info@agari.com