Phishing has become one of the biggest concerns across industry verticals, along with protecting data in cloud environments and on mobile devices in the infrastructure.
Within a public cloud architecture, data that resides in public cloud infrastructure is treated very differently than anything in a private cloud environment or internal to the organization. A lot of it has to do with data classification: finding out what kind of data would be in that public environment and who has access to it, and making sure certain controls are put in place to protect those assets.
Spear phishing continues to be a very big issue, and there now exist several kinds of technology to help combat these attacks. For example, a tool like Phishme acts as an Outlook plugin that empowers end users to be vigilant, so that they can see, identify and send potential phishing campaigns to the security teams, giving those teams awareness. It lets them know what the campaign is after and what they should do to remediate any kind of phishing attack.
Conducting phishing exercises is another very important practice in any organization. In one example shared during the discussion, out of the 300 emails that were sent, 50 people clicked on them and entered their network credentials to “win a Fitbit.” Conducting these types of exercises proved effective in that instance, as it allowed for training opportunities.
Another question was how to protect your brand on social media. Some organizations have entire teams dedicated to protecting their brand. Another way of doing it involves monitoring apps in specific app stores that would be tied to social media. In the mobile space, the big topics the group talked about included: what are the biggest threats, what third-party applications are running, and are they identifying themselves as your corporate application?