• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      Where the buck stops: Why a shared responsibility model will help you own your cloud security flaws

      This webinar, and accompanying dedicated research, will reveal to what extent organisations are practicing a shared responsibility model for cloud security today and the degree to which IT leaders are aware of what they should be doing to ensure the secure use of their multi- and hybrid-cloud environments.

      • Date: 27 Jan 2021
      event logo
      Leveraging the Cloud to Defeat Data Disasters

      Join us and learn how your IT team can realize many of the powerful advantages of the cloud and solve the operational complexity behind managing data across hybrid and multi-cloud IT environments with centralized management, automation, end-to-end security, and lower TCO.

      • Date: 28 Jan 2021
      event logo
      Deskflix Hybrid and Multi Cloud

      One of the most powerful tools for breaking down silos and integrating resources is cloud computing. But multi-tenancy cloud is not the ideal environment for every application or every class of data and some will need to remain on-prem for the foreseeable future; nor are all clouds equal. Tune in to Deskflix season 1 to hear industry experts speak on the questions you need answered on hybrid and multi cloud.

      • Date: 10 Feb 2021
      event logo
      Deskflix Financial Services

      oin us for this episode of Deskflix to hear from industry experts and peers on their 2020 best practices, what they’ve learnt for 2021 and how they plan to overcome the next wave of disruption.

      • Date: 03 Mar 2021
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
 

Sponsor content:

What's this?

This content has been provided by our sponsors and is a paid advertisement.
  • Security

Don't forget the people in the rush for protection

It’s not just good security practice – focusing on people can help secure a seat for IT at the top table

Identity your most at-risk people and bring them onboard with your efforts to protect them, says Proofpoint's Adenike Cosgrove
Identity your most at-risk people and bring them onboard with your efforts to protect them, says Proofpoint's Adenike Cosgrove
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

It will come as no surprise to most Computing readers that many cyberattacks this year played on the fears and uncertainties around Covid-19. In fact, the shift has been larger than most would expect, with almost every social engineering attack seen by cyber security firm Proofpoint this year leveraging the pandemic in some way.

"There's been a massive shift to criminals leveraging COVID as a current topic," says Adenike Cosgrove of Proofpoint, "whether it's 'Click here to see who's been infected', 'Click here to get the latest cure', or 'Click here to make sure that you're still getting your payslip'. And, unfortunately, some people are being drawn in by, 'Click here to make sure you're not on the [redundancy] list'. They're really leveraging that fear and anxiety to socially engineer and exploit people."

The shift to remote working this year has caused many cyber criminals to move away from exploiting technical vulnerabilities to social ones. Email is a major attack vector, where impersonation is relatively simple, and stealing credentials - which Proofpoint calls Business Email Compromise, or BEC - is simply a case of getting a busy worker to click on a link.

"If we look at Business Email Compromise specifically, we saw over 7,000 CEOs and other executives being impersonated in email [this year]… We continue to use email to do business, and especially now we're using it even more, because…it's impossible for us to go to a colleague, walk over to their desk and ask them a question; and so, we send an email. We're sending email to our business suppliers and business partners; we're sending emails to our customers, and the criminals recognise this. Why would I try to hack the network or the data centre, which is increasingly being outsourced to Google, Microsoft and Amazon, when I can get somebody to give up their credentials?"

Swapping nets for spears

The number of attacks hasn't risen any more than would normally be expected year-on-year; they're simply becoming more targeted, in both the victim and the bait. Criminals are also combining attacks: an initial assault might steal credentials, which are used for internal phishing, or malware delivery. The impact is significant: cyber insurance firm AIG announced last year that more claims were made for BEC than for any other type of attack, including malware, ransomware and denial of service.

"Companies are losing hundreds of millions of dollars to a single attack," says Cosgrove.

Despite the damage BEC causes, there is no silver bullet: no simple software tool that can completely stop email attacks, especially those without a payload. There are technologies that can block specific types of attack, like DMARC email authentication for domain name spoofing, or AI algorithms for display name spoofing; but there is no single solution that addresses them all.

Click here to access the Delta report on identity and access management

Cosgrove recommends not only employee training, but bringing them on-side with your security team. Instead of security being seen as the ones that will name and shame when someone clicks a malicious link, they should instead be the ones who will work alongside that person to ensure it doesn't happen again:

"No technology can 100 per cent guarantee that nothing bad will ever land in your inbox, and that's why it's critical that security professionals not only block these threats, but communicate the threats that have been blocked to the end users that have been targeted. Let them know that they're being targeted, and educate them on the behaviour they need to follow to alert security if they think they've received something that looks a little bit malicious. Make it easy, because they're the victim.

"So, if somebody clicks something, don't blame them, don't shame them. We need to make sure that they are comfortable enough to notify the security team that something went wrong… Make it easy for them to communicate that to the security team."

A people-centric view of security supports the more common technical approach. As well as building a schematic of the network, understanding the state of endpoints and so on, security professionals need to work with users - not see them as an impediment.

"You need to understand who those VAPs are - those very attackable people - and you need to make sure that you're protecting those people from the criminals that are targeting them."

Working with users also helps to counter the growing threat of internal compromise, which could come from malicious insiders, compromised users or plain old human error.

Malicious insiders are the lowest percentage of internal threats Proofpoint sees - about 14 per cent. These are people who are typically looking for revenge for a perceived slight. More common are the compromised insiders, where a criminal has stolen credentials and is using them to steal company data. The largest internal threat, however, comes from accidental users: those who may not know company policy, and use personal devices, or shift important data to a cloud drive in an effort to be more efficient. "That's about 60 per cent of the insider incidents that we identify at ProofPoint," Cosgrove says.

Focusing on people is not just good security practice; it also has implications for the role of IT in business. The desire for a seat at the board table is a common one, enabling CISOs to communicate security risk in a language that the business understands.

"If there's one thing that a business understands, it's people - because the people are working to generate revenue for the organisation, and if they're being targeted and if they're impacted, that's going to impact the bottom line of the business - and you can start to quantify that. You can start to give visibility into who's being targeted, and you can link that back to the potential impact that will have on the business.

"My key recommendation is to build that people-centric security programming strategy. Understand who's vulnerable, understand who's under attack, understand who has privileged access to sensitive systems and data, and implement controls to protect those people."

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Adenike Cosgrove
  • Proofpoint
  • cyber-security
blog comments powered by Disqus
Back to Top
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading