Identifying and protecting all the devices that access your data is an unbounded problem—in other words, you never know when it is complete.
Compare that to identifying and protecting all your users. This is easy because with very few exceptions they all have an email address, which is essentially their identity as far as data access is concerned. So, it makes sense that when you’re looking to protect your organization and your data, you should focus on protecting your people.
Perimeter defenses can’t defend data
The threat landscape has evolved over the years and continues to do so. The early days of viruses, written by individuals who infected files to show off their programming skills, have given way to a multimillion-dollar business. Threat actors work together, buying and selling information and access. In today’s landscape, individual machines aren’t the targets. Instead, whole organizations are the targets—and those organizations are made up of people.
Whether it’s credential phishing, business email compromise (BEC) threats or social engineering attacks across multiple channels, cybercriminals are constantly looking for ways to trick people into giving them something they want. Often, their goal is to access an organization’s data.
Cybersecurity used to rely on perimeter defenses to protect users from cybercriminals, putting them behind firewalls. However, that perimeter has long since dissolved. The range of devices that people use to access data has diversified. Company-critical data and systems can be accessed from personal devices such as mobile phones. Identifying and managing all endpoints has always been a challenge for security professionals, but today it’s almost impossible.
Your users are the new perimeter
Unlike endpoints, all email addresses coming in and out of an organization can be identified. This makes it a bounded problem. With very few exceptions, every user that needs to be protected has an email address.
Attackers know this too, which is why email is the starting point for the vast majority of attacks. The added benefit for the threat actor is that the user’s “identity,” as far as data access is concerned, is usually based on their email address. To protect your organization from threat actors, the starting point is email.