David Meister is a valued technology expert with over 15 years of experience in technical and consultancy roles across a range of technologies, including networking, telecommunications, infrastructure, and cyber security. After starting his career as a network engineer, David's passion for using technology to solve problems led him through various roles, including engineer, technical manager, consultant, and sales professional. As a consultant, David designed technology solutions for organizations in various industries, such as not-for-profit, engineering, mining, and financial services.
David holds technical certifications from Cisco and Microsoft, a Graduate Certificate in IT Management, and a Master’s in Business Administration. Currently, David occupies a pivotal leadership position as the head of Check Point's Global Channel and MSSP program for email security. In this role, he provides essential support and advice to technology companies worldwide, guiding them on the best practices to protect their customers from cyber attacks.
In this exclusive interview, cyber security expert David Meister explores how threat actors are reconfiguring their practices to slip past security controls. Discover how comprehensive solutions can protect your people, processes and technologies from highly sophisticated hacker havoc. Stay one step ahead.
Would you like to share insights into the current cyber threat landscape? How should that influence organizations’ choice of email and collaboration security tools?
Threat actors are deploying traditional attack tactics in new ways, a trend occurring across threat vectors. For example, we are seeing malicious links move to QR codes, and Business Email Compromise (BEC) evolving to target Teams and Slack, thus expanding into Business Communication Compromise (BCC).
As threat actors look for new areas to exploit, organizations need to consider the breadth of the cyber security solution in use within their organization and what vectors are covered. For instance, blocking phishing emails is essential, but consider a scenario where a partner organization is breached and the culprit phishing email comes from a legitimate source. What if a phishing link is hidden in a QR code inside an attachment, or what if that link or QR code comes in via Teams in a busy group chat? The evolution of BEC to BCC should be driving leaders to evaluate their strategy in protecting the entire communication suite, beyond just spam and malware in emails.
How can leaders ensure seamless integration and compatibility of email and collaboration security tools with other cyber security solutions?
It is extremely important that security solutions speak to each other to build a defense-in-depth approach rather than relying on single point solutions. This includes integrating with native security provided by Microsoft or Google, as well as integration with security operations platforms used by your SOC. Integrations with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response Solutions (SOARS), Extended Detection and Response (XDR), and more ensure that threats are not missed and that threat intelligence is shared and acted upon efficiently, enhancing an organization's ability to prevent and respond to attacks.
Leaders should seek out tools that build a “defense in depth” approach to securing an organization. For email security, this means building on top of Microsoft Defender rather than setting up bypass rules, such as those used by legacy SEGs.
Managing time effectively is always a challenge when trying to integrate multiple solutions together. Where possible, using solutions that can be managed from a single interface will both save time and lead to an increased level of security.
To what extent should cyber leaders prioritize user training and awareness programs to enhance email security and the security of collaboration tools?
Awareness training is a key part of any cyber security strategy. A good awareness program should involve a holistic approach to training users. A holistic approach means looking beyond just phishing emails; looking at day-to-day activities of staff and their behaviors. As an example, if you have staff that travel regularly or use their laptops on public transport, have they been educated about the risks and best practices? It is all too common to see people in airport lounges leaving laptops unlocked or sitting on public transport with confidential documents open.
When users are educated about risks and secure behaviors, a secure culture starts to emerge. Responsibility for a security culture should go beyond just the CISO. It should include other stakeholders such as HR, finance and people managers. If senior leaders set the right example in terms of secure behavior, others will follow.
It is also important to address the risks of new technologies as they become a part of day-to-day working life. If users assume everything is safe, threats will be missed. So, they need to be educated about always looking out for the unexpected. Teams is now a part of almost everyone’s daily work life, but very few organizations have educated their users on the cyber security risks associated with it.
In short, leaders should prioritize educating users on newer technologies and the threats associated with them.
For organizations that already have email security (Microsoft…etc.), why should leaders consider switching to a stronger email security solutions provider?
Leaders should consider how a malicious actor would attack them. Is their email security exposed to the outside world with mail exchange (MX) records? Are external parties able to share files and to message users via Teams? If this has been considered, how is the organization preventing these threats?
Leaders should assess the speed at which existing cyber security solutions adapt to new threats; the use of cloud-based platforms that are regularly updated and powered by AI will assist in preventing the latest threats, including those associated with BCC.