Every month, we peel back the curtain on the IT industry in an exclusive interview with a true thought leader. No corporate scripts, just straight talk from the architects of the future. These are the folks who craft the code, shape the trends, and drive innovation forward.
About Johan: Johan has spent most of his career focused on email and collaboration tools with a particular interest in security. He has been with Mimecast for over 10 years, transitioning recently from his role as Director of Sales Engineering to his current role as Field CTO.
Q: In your time working in the cyber security industry, what have been some major landmarks?
A: There have been so many, and they’ve accelerated as the decades, or the years, have gone on. I’m going to keep it to a few that I think are key. First and foremost is the rate at which the Internet as an infrastructure matured and standardised across the board. I remember the late nineties, using unreliable dial-up connections to try and download email that would take hours. And by 2003, you had an always-on email system that just within seconds transferred traffic across the world. And suddenly, the realisation came about that the Internet could very soon become a reliable service delivery mechanism.
‘I’ve seen the cyber landscape morph in thrilling ways.’
First, the internet transformed from dial-up purgatory to an “always-on” playground, fostering boundless opportunity and lurking threats, in equal measure. Software giants then emerged, consolidating data into tempting treasure chests for attackers. Seismic events such as the Snowden revelations sparked a global privacy firestorm which subsequently shaped the industry, jolted us into awareness, and propelled us to where we stand today.
Q: Email revolutionised the way businesses communicate. Nowadays, we have instant messaging, and yet email remains the most popular channel of comms in business – why do you think this is the case?
A: The simplest answer is that email is universal, just like the mobile phone. It’s rare to find anyone without an email address or who doesn’t use email in some form or capacity.
And then the platform that you could use, again, is universal. You could be using Google, Lotus, Linux, Windows, Mac, a mobile device, tablet, PC or web browser. Across the board, email just works as a communications tool and a communication platform and environment.
Q: With it being such a popular channel, it is understandable that email remains the most common attack vector among businesses. To that end, what are the most important/urgent aspects of email security that business leaders should be addressing?
A: The first examples that come to mind are phony password reset scams, malicious attachments laced with malware or encrypting ransomware, and cunning impersonation schemes manipulating employees. To fight back, arm yourself with advanced phishing detection and enforce tight, secure attachment policies.
The second is malicious attachments, so using attachments to deliver malware payloads. Those payloads could do anything from looking for information within your corporate systems and databanks, to dropping ransomware, which might encrypt your systems.
Finally, the third has to be social engineering. So, that means the impersonation of staff, the impersonation of roles within an organisation, with a view of either enlisting or soliciting an action off the back of it. Those are, and I think will remain, the three key areas for organisations to focus on from an email standpoint.
Q: Mimecast has emphasised the importance of securing collaboration tools like Microsoft Teams – why is that? Are you seeing any early attack trends that our customers need to know about?
A: Listen, the rise of Teams is awesome for collaboration, but the cyber bad guys love it too. They’re slinging phishing scams disguised as urgent notifications, hiding malware in attachments like Trojan horses in gift baskets, and impersonating colleagues to steal data. We at Mimecast are all about staying ahead of the curve, so we’ve got advanced phishing detection tools that sniff out these scams like bloodhounds. We also lock down attachments using the best security and help train your people to spot social engineering shenanigans.
Q: The Covid-19 pandemic was a major upheaval in terms of how we view and navigate work. In your opinion, how did the shift to working from home impact the landscape of email security? Has it made us more security conscious, or less?
A: The pandemic turned our homes into offices, blurring the lines between work and Netflix nights. It’s great for convenience, but our Wi-Fi networks, personal devices, and kids’ tablets suddenly became potential security weak spots. Phishing emails can masquerade as friendly Teams invites, malware lurks in seemingly harmless docs, and shared networks become open doors for attackers. The old office security model was like a moat around a castle – now we’re all out in the wild west.
‘We needed to rethink risk, arm ourselves with endpoint protection shields, and build a security culture that extends to our families. It’s a new frontier, but together we can make it a safe one.’
Q: And now we’re seeing the logical progression towards hybrid working. Is this new model of working resulting in new threats? What do you think SMBs need to be prepared for with hybrid working?
A: Working from home and the office is the new normal, but for small businesses, it can mean big security headaches. Malware hitching a ride on downloaded updates or disguised as innocent documents can spread like wildfire on shared networks. And data exfiltration? Let’s just say your confidential files could find themselves in the wrong hands quicker than one could think. The good news is, there are now ways to defend and protect yourself in more secure ways than ever before. Endpoint protection keeps malware at bay, strong passwords and multi-factor authentication act like personal bouncers for your networks, and security awareness training makes everyone a cyber-sleuth in the office.
Q: A common blocker for security professionals is gaining executive buy-in. However, Mimecast’s State of Email Security Report noted that business leaders are more concerned about data security than anything else nowadays – how do you see this affecting the role of IT and security?
A: Listen, getting buy-in from the bigwigs used to be like scaling Mount Everest, but guess what? Data is the new gold, and protecting it is a top priority for CEOs and CFOs alike. They’re all about confidentiality, integrity, and availability – basically, keeping our digital assets safe and sound. We’re not just talking about preventing leaks; we’re talking about protecting recipes, trade secrets, and customer information – the lifeblood of the business. Regulators are jumping on the bandwagon too, so data security is definitely not a fad.
We also need to balance data safety with protecting people and the whole organisation. It’s all about risk management, understanding what needs shielding and how.
Q: And what about the rest of the workforce? What do you think of the current state of security awareness across SMBs?
A: We’re doing more, that’s for sure. More training, more awareness campaigns, more “don’t click that dodgy link!” posters. But hey, let’s be honest, once-a-year training is about as effective as a paper umbrella in a storm. We need to be making cyber awareness a part of everyone’s daily routine, like brushing your teeth or checking your email.
Focus on good password habits everywhere, not just at work. It’s not about complex gibberish nobody remembers, it’s about smart practices like never reusing passwords and keeping them locked tighter than a bank vault.
Q: What do you see as being the biggest email threats for the year ahead? Is there anything that SMEs, in particular, need to have on their radar?
A: Expect more of the same in the email threat landscape: phishing scams disguised as your best friend’s urgent plea, malware hiding in innocent attachments, and credential leaks that leave your digital door wide open. Data breaches will be big business, with stolen datasets fuelling even more attacks. And don’t forget the supply chain – one weak link can bring down the whole chain.
The good news is that we’re not powerless. We can arm ourselves with endpoint protection shields, multi-factor authentication locks, and strong password chains. We can train our eyes to spot AI-powered phishing scams that sound a little too robotic, a little too perfect. Remember, even low-volume attacks like business email compromise can be devastating. Let’s work together, share intel, and build a community of cyber-resilient organisations. We’re in this together, folks!
Q: Generative AI use cases in business are growing at an exponential rate, and there is a lot of trepidation around the responsible use of AI. What are some of the ways in which GenAI is improving cyber security?
A: The buzz around Generative AI is deafening, and for good reason. This futuristic tech is changing the game in the cyber battlefield, but the “responsible use” alarm bells are ringing loudly.
‘Imagine AI as the eagle-eyed sentry atop the castle walls.’
It scans mountains of data from email filters to firewalls, sniffing out anomalies like a bloodhound on the trail of a bad actor. These machine-learning models are the silent heroes behind most modern security tools, quietly keeping threats at bay.
GenAI takes it a step further. It’s like having a sidekick who can brainstorm potential attack scenarios, from hijacking your industrial control system to infiltrating your network through its weakest link. Imagine presenting your board with a detailed villain plot mapped out by AI – talk about impressing the boss!
Q: What advice would you offer to an IT Leader looking to leverage GenAI to better protect their business today?
A: Think of it as your strategic consultant, not a magic spell. Ask it specific questions that matter to your business, your industry, and your environment. Worried about your internet-connected factory robots? Ask GenAI what could go wrong, and boom, you get a starting point for brainstorming with your team.
It’s like having a brainstorming session on steroids, generating ideas you might never have considered. This helps you focus your resources and attention where it matters most, making you a cybersecurity ninja in no time. Remember, GenAI is a powerful tool, but it’s not a one-stop solution. Use it with wisdom, ask the right questions, and watch your organisation become a fortress against cyber threats!