SafetyDetectives spoke with Tal Zamir, CTO at Perception Point, about the company’s prevention-as-a-service platform, cybersecurity challenges that businesses are facing, securing company data with a remote or hybrid team, common misconceptions and misunderstandings about cybersecurity, and more.
Can you talk about your background and your current role at Perception Point?
I’ve been building cybersecurity and enterprise IT products for the last two decades, in organizations such as the Israeli Ministry of Defense, Wanova, VMware, and Team8. I have also founded a cyber startup called Hysolate. Currently, I serve as the Chief Technology Officer at Perception Point, where I am responsible for leading the company’s technology strategy, cultivating tech partnerships, driving innovation, and overseeing various technical aspects of our operations.
What does it mean to be a Prevention-as-a-Service company?
At Perception Point, our primary focus is to provide Prevention-as-a-Service to organizations, ensuring robust protection against user-related cyber threats. Our approach involves detecting, preventing, and remediating a wide range of attacks, including phishing, ransomware, and zero-day vulnerabilities across multiple attack surfaces such as email, browsers, cloud collaboration apps, and cloud storage. One of our key differentiators is that our offerings always include a 24×7 managed incident response service, which proves invaluable to customers who may lack the necessary resources to operate security products effectively.
What are the most significant cybersecurity challenges and trends that organizations are facing today?
Organizations today face several critical cybersecurity challenges and must adapt to ongoing trends to protect their digital assets effectively. Some of the prominent challenges include Business Email Compromise (BEC) and social engineering, which are becoming increasingly sophisticated with the aid of AI. Phishing and credential theft, often facilitated by AI-powered techniques, are also major concerns. Additionally, malware threats originating from malicious email attachments or disguised downloads pose significant risks. Attacks targeting email and other web apps, including modern SaaS cloud applications, are prevalent and demand attention from organizations to prevent potential breaches.
In your experience, how can businesses effectively protect their data while adopting emerging technologies, such as AI?
When it comes to adopting emerging technologies, businesses must prioritize data protection alongside innovation. For modern cloud applications that gained popularity during the COVID era, organizations can safely embrace them by implementing security controls behind the scenes. Advanced solutions like Perception Point can seamlessly safeguard these applications, whether through browser security or API integration.
Another emerging area is generative AI. Organizations can adopt it safely by considering a few key factors. In cases where AI is useful for non-sensitive data, e.g. marketing purposes, organizations can utilize it without exposing sensitive data to risk. In other cases, organizations can deploy AI models from providers like OpenAI with Azure, and can ensure compliance by limiting data retention and opting out of data sharing. However, it is crucial to address legal and regulatory risks, such as copyrighted materials, code, sensitive customer data, and trade secrets. The future holds promise for enterprise apps, including those from Microsoft, which will provide GenAI technologies while preserving the safety of enterprise data.
Given the increasing popularity of remote work and cloud-based operations, how can companies ensure the data is secure?
Companies embracing remote work and cloud-based operations must prioritize data security. To achieve this, organizations should adopt advanced messaging and collaboration app security solutions that seamlessly integrate into these platforms. These solutions play a vital role in safeguarding against malicious content introduced by third parties or employees. Furthermore, implementing advanced browser security solutions becomes crucial in protecting users across various websites and web apps, effectively mitigating modern phishing attacks and malicious downloads.
What are some common misconceptions or misunderstandings about cybersecurity that you’d like to clarify?
It’s important to dispel some common misconceptions surrounding cybersecurity:
- “I’m covered on email security with default security”: Default security measures are rarely sufficient to combat the commoditized nature of email attacks. Robust email security requires more advanced controls to ensure comprehensive protection. We see the default Microsoft/Google protection missing a huge amount of attacks that we catch, especially on email.
- “My company is too small to care”: With the decreasing cost of conducting sophisticated attacks, every organization, regardless of size, is a potential target. It is crucial for businesses of all sizes to prioritize cybersecurity.
- “Covering email is enough”: Attackers are well aware of the monitoring surrounding email communications. As a result, they often launch their attacks through alternative channels such as instant messaging apps like WhatsApp Web, collaboration apps, CRM systems, and malvertising attacks that appear in the browser. Organizations must have comprehensive security measures that extend beyond email to ensure holistic protection.
This article first appeared in SafetyDetectives on May 23, 2023, written by Shauli Zacks.