While new and sophisticated cyberattacks draw a lot of attention from companies and security experts who need to prepare to fight them, these complex breaches don’t cause the most damage to businesses. The main threats are traditional ones that hit companies every day, according to Laurence Pitt (pictured), global security strategy director at Juniper Networks Inc.

“Everybody seems to believe that they’re going to be the target of the next really big complex, major attack, and the reality is they are not,” Pitt said. “They’ve been hit by the basic slight ransomware, spear-phishing stuff … and they need to have foundational elements in place against those.”

Pitt spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the main threats to corporate security, the problem with deepfakes and the importance of two-factor authentication.

Social media facilitates threats

Traditional spear-phishing and relatively new deepfakes are targeting enterprises and individuals even easier via social media, according to Pitt. Bad guys leverage evolving technology to obtain personal information, and now they have more tools than ever to manipulate people.

“The fact that we’re all on Instagram, Facebook, Twitter means that social manipulation is a lot easier for the bad guys to be able to create phishing campaigns that appear to be much more targeted,” Pitt explained. “They can generate automated messaging and emails, which will appear to be from whomever you expect to receive them, using words that you think that only they would know about.”

Among the new tools to combat cyberattacks, two-factor authentication is very important and should be used whenever possible, according to Pitt.

“I am very careful with how my passwords are created, but I also turned on two-factor,” he said. “If somebody does try to go into my online password account, I will get an alert to say that they’ve tried to do that.”

With the adoption of biometrics by some devices, such as cell phones, people have started to rely too much on this and not pay adequate attention to passwords, Pitt pointed out.

“You still should back things with strong passwords, because if somebody does get through the biometrics, that shouldn’t automatically give them access to absolutely everything,” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

 Photo: SiliconANGLE