Greg Pepper has been an IT professional for 20+ years with expertise in Security, Networking and Cloud Computing. He started his career working for Sony Online Entertainment, Price Waterhouse Coopers and Organic.
Greg has spent the last 15 years working for Cisco and Check Point, helping customers to design, plan and implement secure networks throughout the Internet Edge, Campus Backbone, Data Center and Cloud Environments.
In this two part interview series, Greg Pepper discusses how to secure a mobile workforce. His insights are particularly relevant given the ubiquity of remote work and the fact that nearly every organization around the world has experienced a mobile malware attack in the last year.
Did you miss part one of this series? Click here.
What are the big cyber threats that remote business executives should think about?
- We are being targeted both in our work lives and personal lives.
- Our mobile devices know the most about us and need more/better/best security.
- All of our employees can and will be targets of cyber attacks.
What cyber security measures should executives put in place?
- Cyber security is really a question of business security. It’s not just about securing your network or your devices; it’s about securing your data and the corporate assets that serve as the foundations of your product or services.
- C-levels should prepare for cyber incidents in the same way that they would prepare for any other type of emergency. Put processes and protocols in place so that if a cyber emergency hits, your people will know what to do and will be able to minimize damage.
Unexpected “danger points” or sources of risk in the distributed environment?
The rapid pace of change in the cloud has created incremental risk for organizations who do not embed security into their CI/CD (continuous integration/continuous deployment) environments. Security needs to shift left to keep up with the accelerated pace of deployment that DevOps is driving today.
Customers have over spent and under implemented, drowning in an excess of tools and tech. However they often don’t deploy with best practices and use of integrations between vendors.
Native controls are good and need to be used according to best practices and compliance requirements, but they are not good enough. Options for cloud network security, posture management, compliance, threat-hunting, and AppSec workload protections exist, which can be integrated to complement and expand native cloud security.
Shared responsibility allows enterprises to bring security with them to the cloud, SaaS and mobile workforce. Organizations just have to choose to bring it with them!
How are IT admins working to address and mitigate social engineering threats?
Social engineering threats are increasing at an exponential rate. One can’t necessarily prevent the threats, but one can add protections for users, devices and applications to help address those risks and vulnerabilities.
Companies now have 70 percent, 80 percent or 90 percent of their workforce operating remotely. Prior to the pandemic, most people worked in the office. So now, people who weren’t previously remote and on certain kinds of devices really rely on mobile devices. Social engineering threats are easy to fall for in the mobile environment.
For example, if you receive a text message and it looks like it came from your mom or your brother or your sister or your spouse, you’re going to click on that link. But it could be malware.
Social engineering threats are very real and securing against them not only requires a technology focused solution, but also requires the right mentalities and sense of awareness among your people.
If you missed part one of this interview series, be sure to check it out.