We had the pleasure to interview Michael Osterman, President of Osterman Research. Since its founding, Osterman Research has become one of the leading analyst firms in the messaging and collaboration space, providing research, analysis, white papers and other services to companies like EMC, IBM, Proofpoint, Commvault, RSA, Trend Micro, Barracuda, Malwarebytes, Dell and many others.

Prior to founding Osterman Research, Michael Osterman was the Vice President of Market Research at Creative Networks, a leading market research and consulting firm focused on the messaging and directory markets. Michael has also held positions with the SRI International Business Intelligence Center, Ryan Hankin Kent, ElectroniCast and Gnostic Concepts. His background includes research and analysis of various markets, including computer-aided software engineering, data communications, telecommunications, and fiber optic components.

Michael brings industry insight and an insightful perspective to current security challenges. We asked him the three insightful questions below:

What are the most pressing security challenges business face in 2018?

There are a number of cyber security issues about which IT decision makers and influencers are concerned or very concerned. However, a recent survey we conducted found that four of the top five issues of concern – all of which are an important issue for more than one-half of respondents – are focused on email as a key threat vector: phishing, malware infiltration and spear phishing. That said, a number of other cyber security threats are also of concern, including malware infiltration through Web browsing, data breaches, and account takeover-based email attacks. While ransomware will continue to be a threat, it is now being supplanted by the growth of cryptocurrency mining (or cryptojacking) that can be more profitable than ransomware, and which can create its own set of threats for security teams to address.

What improvements have you seen in past security challenges 5 or so years back and how can we learn as a business community from those lessons to apply to new approaches in the industry today?

Decision makers are focused more on training their users, which is yielding improvements in helping to prevent phishing attacks, CEO Fraud/BEC attacks and the like. Also, the cloud-based and on-premises solutions that organizations are deploying are generally improving, but our research finds that many organizations’ security infrastructure is not improving, or is actually getting worse in some cases.

In terms of lessons learned, there are some fairly basic things that organizations need to do to protect themselves and their data. For example, implement very frequent backups to be able to recover from ransomware attacks. Implement DLP to prevent users from inadvertently sending unencrypted, sensitive data through email. Implement security awareness training so that users are made more aware of security threats. Supplement the native capabilities in Office 365 with third party solutions to improve security capabilities.

And, the FUN Q! If you could select one superhero to fight for the “good” of information security today – who would it be? Why?

I’m not a close follower of superheroes, but if I had to pick one it would be Goku for the following reasons, with info in quotes noted on his Wikipedia page:

A) “Goku is depicted as carefree, cheerful and friendly when at ease, but quickly serious and strategic-minded when in battle.” Security should be as light and unobtrusive to users as possible, but very robust when it encounters a threat.

B) “….he is one of the few who can ride the magic cloud called Kinto’un.” The cloud is an essential element in any security infrastructure today.

Learn more about how DLP and user forensics can fight these challenges at RSA in San Francisco. We’ll be at booth #5110.

Insider Threat Detection