The days of deploying the same controls for all employees are over. The threat profile for each employee, department, team, job role and access to controls is entirely different. In part 1 of this blog series, Protecting People – The New Perimeter Part 1, we covered the evolving threat landscape and how today’s top cybersecurity risks are people-centric. This post will discuss how to choose the proper protection for the right people and why it’s so important.
How Do You Protect Your People?
Criminals have different motivations for targeting different people in your organization, so it’s important to understand who your Very Attacked People™ (VAPs) are. Who is vulnerable? Who is likely to be attacked? Who has privileged access?
When you understand who does what in your organization, and why they might be on attackers’ radar, you can implement defenses that work against the threats that target specific job roles.
Let’s look at three examples:
Figure 1. People are complex and different.
Figure 2. Protection for people, how and where they need it.
Hear more about these examples in this short extract from our webinar:
Webinar Video: The Right Protection for the Right People
Stop malware from reaching your people and increase operational efficiency
Security controls often focus on endpoint detection and response by remediating attacks that have already broken through defenses. The early phase in the attack chain is often neglected, but it’s so important to prevent attacks before they cause damage.
Increase your defenses in the initial stages of the attack chain by protecting your number one threat vector—email security. If you block more threats upfront and have fewer emails reaching users’ inboxes, there will be fewer phishing reports for your IT teams to review. Also, because your organization will spend less time addressing attacks that have slipped past defenses, you can improve your operational efficiency.
Consider PerkinElmer, Inc., which was able to block 99% of threats from getting through. Now, it’s teams can work more efficiently because they’re spending far less time assessing a flood of cyber threats. Jim Forsyth, PerkinElmer’s senior network engineer, global IT infrastructure, said:
“Financial hacking groups targeted us, putting personal credentials at risk. Ransomware threats are real. Our spam and antivirus solutions weren’t adequate anymore… Proofpoint TAP (Targeted Attack protection) helped tremendously… It reduced malicious emails, attachments, and URLs getting through by 99%.”
You can read the full PerkinElmer customer story here.
Protecting your number one threat vector with a platform approach
Setting up effective defenses to deflect threats early in the attack chain reduces your risk profile. Your people can’t click malicious links or download malicious files if those threats never reach their inbox. A targeted, platform approach to email security like Proofpoint Advanced Threat Protection can help. It includes:
- Implementing controls to block threats from entering your organization by email. Checking the authenticity of emails helps to block impersonation attempts.
- Increasing user resilience by educating your people with a program like Proofpoint Security Awareness Training. If an email does get through, are your people trained to make sure the email is legitimate? Do they know to triple check that the attachment or link isn’t malicious before they click or open it?
- Using post-delivery remediation, so if the user does click a malicious link, these unknown URLs can be isolated at the time of the click, preventing malware from entering your organization.
- Building automation into the workflow to improve operational efficiency. If a user reports a malicious email, that email can be pulled out automatically from everyone’s inbox.
Figure 3. The platform approach to protecting your people.
Get a comprehensive view of your risk posture across your email infrastructure with a free email rapid risk assessment from Proofpoint.
And learn more about how to protect your number one threat vector and identify your organization’s VAPs in our webinar, “Protecting People: The New Perimeter.”
Subscribe to the Proofpoint Blog