Just as people are unique, so is their value to cyber attackers and risk to employers. They have distinct digital habits and weak spots. End users are targeted by attackers in diverse ways and with varying intensity. And they have unique professional contacts and privileged access to data on the network and in the cloud.
Building a people-centric defense is a multipronged approach that addresses the three main factors in end-user security risk:
- Vulnerability. Reducing users’ vulnerability to threats and making them more resilient.
- Attacks. Preventing, defending against and responding to the whole spectrum of modern cyber threats.
- Privilege. Managing access to sensitive data and ensuring that users are fully in control of their accounts.
Many cybersecurity tools may promise some or many of these capabilities. That’s why separating marketing hype from real-world value is critical. When deploying your own people-centric defenses, consider tools that address end user vulnerability, attacks, and privilege in a holistic, integrated fashion.
A people-centric cyber defense starts and ends with the end user. Here are the questions your cybersecurity solution should help you answer—quickly, accurately, and confidently.
Who are my Very Attacked People™?
Not all cyber attacks are created equal. While every one is potentially harmful, some are more dangerous, targeted, or sophisticated than others.
Indiscriminate “commodity” threats might be more numerous than other kinds of threats. But they’re usually less worrisome because they’re well understood and easily blocked. Other end user security threats might appear in only a handful of attacks. But they can pose a more serious danger because of their sophistication or the people they target.
Rich threat intelligence and timely insight are the keys to quantifying this aspect of end-user cyber risk. The factors that should weigh most heavily in each end user’s assessment include:
- The cyber criminal’s sophistication
- The spread and focus of attacks
- The attack type
- Overall attack volume
How vulnerable are end users to attacks that target them?
The first step to making end users more resistant to cyber threats is making them more aware of the security risk. That’s why cybersecurity awareness training is the foundation of making end users less vulnerable.
Simulated attacks, especially those that mimic real-world techniques, can help identify who’s most susceptible and to what tactics.
For true resilience, your phishing training simulations should reflect current, real-world attack trends. The most effective training imitates your organization’s unique attack profile, drawing on both internal threat activity and external threat trends.
The cybersecurity solution should make reporting phishing and other security threats easy—a single click within end users’ email application. Email flagged by users should take priority for analysis. And verified threats should be automatically quarantined or, if they’ve already been delivered, removed from users’ inboxes.
The best security awareness and training solutions identify end users who appear especially prone to clicking unsafe emails so they can receive follow-up training, ideally in real time.
Have their accounts been compromised?
Attacks come in all forms, using a wide range of tactics, techniques, and procedures. That’s why your cybersecurity defenses must cover the entire gamut of threats, attack vectors, and tactics—focusing on the channels that present the biggest security risks.
Today’s biggest threat vectors include email (where more than 90% of all targeted attacks enter) along with the web, the cloud, and social media. Often, attackers use these channels together, such as an impostor social media account posting links to phishing websites.
Protecting sensitive information starts with knowing where it lives, who (and what apps) have access to it, and how exposed it is. Consider solutions that provide a single view of your most sensitive information and any potentially risky exposure.
The cybersecurity solution should also spot and respond to suspicious activity—and not just the usual behavioral clues, such as unusual logins, file permissions, and data transfers. You should also look for things such as:
- What networks the logins are coming from
- What browser they’re using
- What VPNs they’re on
Correlated with threat intelligence, these traits can help spot compromised accounts with fewer false positives.
How can I contain these threats?
If something doesn’t look right, the cybersecurity solution should automatically step up authentication requirements or revoke access. And if the end user is highly vulnerable or targeted, you should take proactive measures to protect those accounts.
At the same time, your data loss protection (DLP) tools should work automatically and transparently to contain the potential harm of compromised accounts.
The most effective cybersecurity solutions put all of these pieces together for a full-picture view of which end users have access to what data and how it’s being used.
Beyond preventing ever-evolving technical exploits, you can prevent many cyber attacks with email authentication. A modern solution must also have intelligent features to recognize and block social engineering techniques used in phishing, email fraud, and lookalike domain spoofing.
It should also make responding to and remediating threats easy, orchestrating and automating key aspects of the incident response process such as:
- Removing unsafe email from users’ inboxes
- Restricting or revoking VPN access
- Blocking access to compromised and unsafe websites and file-sharing services
- Updating network access controls and application control systems
At the same time, look for incident response tools that enrich security alerts with advanced forensics and collect and verify indicators of compromise (IOCs). Beyond detailed threat intel, responders should have a full people-centric view of which end users are under attack, which department they work in, and whether they’ve been compromised before.
Security awareness training can also play a role in mitigating privilege-based risks. End users with access to sensitive information should be reminded of good digital hygiene practices. Heavily targeted and highly vulnerable end users should get targeted security training and be made aware of their individual risk.