
Cybersecurity and Risks You Never Thought About
In conversation with Perry Carpenter, Chief Evangelist at KnowBe4
Gaper’s Director of Business Development, Mark Allen, sat down with Perry for a little chat about his professional career and insights about remote work and its future.

Perry’s Career in IT
Perry started his career as an IT developer and programmer and followed a path that is familiar to most in the field: working up the career ladder until there is no further room for growth. After this point, like many others, Perry started to explore other avenues of professional life. During this time, he got into analytics and led a team of statisticians at Sam’s Club (owned by Walmart). He had also worked as a programmer at Walmart before. Perry then moved into cybersecurity at Alltel Communications, where he ran a lot of their enterprise strategy services for security. Then, at Gartner, he worked on a number of research areas around identity and access management and data leak prevention, along with mentoring services. He then made a leap into the vendor world, where he now works in the field of security awareness, which entails crafting strategies at KnowBe4 for their customer market.
Q. What was your first programming language?
A. C++! In his early days of programming, Perry also had to decode COBOL and JCL at a time when they were falling out of fashion.
KnowBe4
KnowBe4 is a security awareness firm. The objective is to train end users to interact with the computing environment in a way that mitigates the inherent risks that come with working with computers. For Perry, it is more about the behavioral science behind users’ engagement with computers. Perry has also written a book on the topic called Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors.
He surmises that when we say “security awareness”, it is straightforward enough to understand what ‘security’ would mean, but what role does ‘awareness’ have to play? Awareness here is not restricted to just knowledge. You can teach people, even test them on what they have learned, but it won’t be meaningful until they actually implement their learnings and apply the principles in practice. Perry’s focus has thus been on delivering services that are aimed at channeling and developing the right behaviors.
Perry finds that “security awareness” has an inherent logical fallacy (he discusses this in his book as well). It suffers from what Perry calls the ‘knowledge-intention-behavior gap’. This is to say that just because we know something does not mean that we act on it (whether we intend to or not). Kind of like New Year’s resolutions. We keep making tradeoffs until the behavior we intended to engage in simply is not part of our priorities anymore.
Perry summarizes these ideas into three realities that people need to grapple with: “Just because I’m aware doesn’t mean I care”. “If we try to work against human nature, we will fail”. “What an employee does is way more important than what they know”.
Interestingly, in the case of cybersecurity, IT folks tend to be some of the worst offenders when it comes to these ideas. A lot of the stuff that is preached ends up not being done. For example, does everyone in IT conform to impeccable password hygiene (resetting it every so often, having different passwords for different places, setting up multi-factor authentication, etc.)? Chances are, no. They too end up making tradeoffs (with time and effort mainly) and do the exact same thing that other non-tech-savvy people may be judged for.
Cybercrime is on the rise. In particular, during COVID lockdowns, Perry’s company observed a spike in certain social engineering activities such as phishing and cold calls that get a victim to download malware or ransomware onto their personal or organizational computer systems. In doing so, many cybercriminals played the COVID card, sending out malicious emails disguised as information and updates about the virus or its vaccines, sometimes adopting a more political tone. This allowed them to prey on a reader’s emotions like fear, doubt, uncertainty, and political inclinations. Through these sensitive times and a greater threat of cyberattacks, KnowBe4 was a source for businesses to help them navigate the confusing and rather dangerous social-digital landscape.
Cybersecurity Issues You Never Thought About
Another thing to note is that during COVID, people were working from home. Remote work translates to a higher risk of hacking and cybersecurity breaches, which makes it essential to follow data protection tips. Their personal computers were at a greater risk of cyber-attacks, which in turn put the company’s internal networks (accessed through the personal computers) in a precarious position as well.
Let’s suppose you have a virtual voice assistant device in your home (Google Assistant, Amazon Alexa, Siri, etc.) and you’re talking in a meeting in your living room, discussing sensitive information about mergers and acquisitions in your company. These devices would otherwise be excluded in such environments, but are present in your home-office setting. You could also have some physical documents or notes lying around (or perhaps a whiteboard) that others coming in and out of your house could read. Level this up by adding other household members who also work from home. Your whiteboard, for example, could appear in the background of your partner’s work meeting or your child’s virtual classroom. How many people can now access information that is meant to strictly stay within your company?
In short, flexible work now means that it is not just the digital environment that is grounds for security breaches - your physical environment poses a risk as well.
WFH Is Here To Stay And We Have To Be Prepared
Perry, like many others, is also of the view that remote work and work-from-home models will now be a normal part of our careers, but we also need to be properly prepared for it. With big companies and startups now moving to a remote or hybrid environment, adjusting to good remote work practices is of huge significance. Businesses that do not offer flexible work fell victim to the great resignations and tech talent shortages. With such flexibility also comes more flexibility for hackers. Businesses should take appropriate measures and create the right kind of “security awareness” to protect their internal networks against cyberthreats. In addition to training businesses to engage in (not just know) good security practices, KnowBe4 has more exciting things lined up for the months ahead as well!