Protection Starts with People
Defending Against the Next-Generation of Attacks
The headline story of the 2017 threat landscape was the explosive growth of ransomware and the massive email campaigns that delivered it to organisations of all sizes around the world. These attacks caused wide-spread disruption which in turn impacted the bottom-line of many businesses.
But a new trend observed towards the end of 2017 and into 2018, a change in tactic, is that cybercriminals rely less on automated attacks and exploits, shifting instead to social engineering. Threat actors are increasingly targeting people, not infrastructure. A simple internet search can tell them all they need to know about who has access to the system or data they are targeting.
From email to cloud applications, from social media to mobile apps, cyber criminals are now carrying out social engineering at scale. They combine sophisticated, targeted lures and persuasive tricks to trip your employees into click on a link or open an email attachment. They successfully convince your users to open a resume or wire money by spoofing the identity of a trusted company executive – these new threats range from spam that clogs inboxes and wastes resources to targeted email fraud that can cost your organisation millions in losses.
It’s never been a more critical time for your business to rethink how it protects itself.
But there . According to Gartner, more than 60% of IT security budgets are focused on the network. The majority ofremains a disconnect between IT security spending and successful prevention current spend is to defend against the minority of attacks. The battle has changed yet defense spending has not.
To protect your business from the evolving threat landscape, it’s critical that you craft a security strategy that protects the people that are being targeted (your VAPs – Very Attacked People) rather than the technology that they use. You must understand which people have access to valuable data, how those people are targeted by threats, and which users work in high-risk ways – those that are likely to click on malicious links for examples.
At our presentation during CHECKUP 2018, we shared the ways in which security teams can identify who within their organisations keeps clicking, what they are clicking on and why, and the controls they can implement to protect identified VAPs.
Want to learn more about the specific threats against your VAPs? Download Proofpoint’s latest people-centric cybersecurity guide to find out more.
Build a strategy to combat these threats!
SecureLink and Proofpoint (Wombat) help you build a strategy that combats these threats.