Proofpoint: 2022 Definitive Email Cybersecurity Strategy Guide (English edition) (25 pages).pdf

A people-centric approach to stopping ransomware, malware attacks, phishing and email fraud
The Definitive Email Cybersecurity Strategy Guide
2022 EBOOK

Every day around the world, a silent battle wages on in one of the most familiar and central features of modern work: the email inbox. As the top malware delivery vector and fertile ground for all kinds of fraud, email is the channel where cyber attackers are most likely to compromise their targets. They trick users into clicking on an unsafe link, giving away their credentials, or even carrying out commands directly (such as wiring money or sending sensitive files).

It's not hard to see why attackers prefer email. It uses a decades-old architecture that wasn't designed with security in mind. It's universal. And unlike computer hardware and infrastructure, email attacks exploit vulnerabilities that can't be patched: people.

The challenge is growing even more complicated amid a shift to the cloud and remote work. Organizations spend billions every year on security tools designed to harden the network perimeter, detect network intrusions and secure endpoints. And yet the volume, and costs, of ransomware, business email compromise (BEC), credential phishing and malware-fueled data breaches have never been higher.[1] That's because today's attacks hack human nature, not just technology. And email is the easiest way to reach people.

Email: Your Most Critical Threat Vector

Consider these research findings:

- $14.8 million: the average annual costs of phishing for a large organization, more than triple the 2015 average[2]
- 86% of organizations faced bulk phishing attacks in 2021[3]
- 77% of organizations faced BEC attacks in 2021[4]
- 78% of organizations saw email-based ransomware attacks in 2021[5]
- 85% of data breaches involve people[6]

[1] Ponemon. “The 2021 Cost of Phishing Study.” June 2021.
[2] Ponemon. “The 2021 Cost of Phishing Study.” June 2021.
[3] Proofpoint. “2022 State of the Phish.” February 2022.
[4] Ibid.
[5] Ibid.
[6] Verizon. “Data Breach Investigations Report Executive Summary.” May 2021.

It's time for a new approach. Today's threat landscape calls for a fresh mindset and new strategy, one that focuses on protecting people rather than infrastructure. Whether you lead a multinational security operations center or a small tight-knit security team, consider this guide a starting point. We'll explore:

- Why email should be your No. 1 security priority
- What makes it so difficult to secure
- How integrated, layered people-centric security is more effective
- Where to optimize your email security operations to save money and streamline response

[Figure 1: Top forms of social engineering. Chart title: Top Social Varieties in Social Engineering Incidents (n=3,810); categories: Phishing, Pretexting, Spam, Other. Source: Verizon 2021 Data Breach Investigations Report]

SECTION 1: Cyber Attacks Are Evolving Faster Than Traditional Defenses

Safeguarding email is the key to protecting the enterprise. But it's a complex challenge. That's because email threats are numerous and wide-ranging. Attack techniques are constantly evolving. And human nature, the weak link in every organization, is a perpetual target. It's no wonder that solutions built for fighting the attacks of just two to three years ago are struggling to keep up.

This section outlines just some of the ways cyber attackers target people. (In many cases, attackers combine techniques to evade defenses and boost their success rates.)

Ransomware

Ransomware is an old threat that persists as a modern-day problem. This type of malware, which gets its name from the payment it demands after locking away victims' files, is a major issue for modern businesses. It's one of today's most disruptive types of cyber attack. Major incidents involving fuel,[7] food[8] and health infrastructure[9] in 2021 showed that no target is off limits.

About three-quarters of ransomware starts, directly or indirectly, with a phishing email.[10] These emails trick users into opening a malicious attachment or clicking a malicious URL.

[Figure 2: Links between threat actors, first-stage malware and ransomware. Threat actors: TA569, TA800, TA577, TA551, TA570. Malware: The Trick, BazaLoader, SocGholish, IcedID, Qbot. Ransomware: WastedLocker, Ryuk, Egregor, Maze, Sodinokibi, ProLock.]

Most ransomware is delivered as a secondary infection after a system is already infected with a Trojan or loader. Many attackers who specialize in these Trojans or loaders then sell access to ransomware organizations. For most organizations, the first line of defense against ransomware is making sure they are protected from other kinds of malware.

There isn't a simple one-to-one relationship between the initial access malware and the strain of ransomware distributed to victims. But researchers at Proofpoint and elsewhere in the industry have noted some prominent associations, as shown in Figure 2.

[7] David Sanger, Clifford Krauss, Nicole Perlroth (New York Times). “Cyberattack Forces a Shutdown of a Top U.S. Pipeline.” May 2021.
[8] Julie Creswell, Nicole Perlroth, Noam Schreiber (New York Times). “Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business.” June 2021.
[9] Nicole Perlroth, Adam Satariano (New York Times). “Irish Hospitals Are Latest to Be Hit by Ransomware Attacks.” May 2021.
[10] Unit 42, Palo Alto Networks. “Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report.” July 2021.

Email fraud and business email compromise (BEC)

Business email compromise (BEC), also known as email fraud, is one of cybersecurity's costliest and least understood threats. The fast-growing category of email fraud doesn't always garner as much attention as other high-profile cyber crimes. But in terms of direct financial costs, BEC easily overshadows other types. In 2020 alone, BEC schemes cost organizations and individuals more than $1.8 billion.[11] That's up more than $100 million from 2019 and a full 44% of total cyber crime losses.

BEC attacks are hard to detect. They don't include the usual payloads (malicious URLs or file attachments) to analyze. Instead, fraudsters rely on impersonation and other social engineering techniques to trick people. Many of today's BEC schemes are highly sophisticated, well-funded and backed by careful planning and research. A growing number of attackers are focusing their efforts on supplier invoicing fraud and large business-to-business (B2B) transactions they can hijack.

BEC attacks prey on human nature. They exploit people's trust. Here's how they work:

1. First, BEC attackers pose as a person or entity that a recipient can trust, such as a colleague, boss or vendor.
2. The attacker sends an email directing recipients to take some action that siphons money or sensitive financial information from the organization. These could include fraudulent wire transfers, bogus invoices, diverted paychecks, changed banking details for future payments, and countless other schemes.
3. By the time the organization discovers the error, it's often too late to recover the money.

TYPES OF BEC

BEC comes in many forms, limited only by attackers' creativity. Here are six common types:

1. Invoicing fraud. This attack tricks victims into paying bogus invoices or diverting valid payments.
2. Payroll redirect. In this scheme, attackers posing as an employee ask the payroll department to reroute wages to their account.
3. Extortion. Here, attackers threaten harm or embarrassment unless the victim pays up.
4. Lures and tasks. These bait victims with a simple question like “Are you there?” and escalate to other forms of BEC.
5. Gift carding. This technique tricks recipients into buying gift cards and sending the number and PIN to the scammer.
6. Advance-fee fraud. In this old con, swindlers ask for money to unlock an even larger sum, which never comes.

[11] FBI. “Internet Crime Report 2020.” March 2021.

Account compromise/takeover

Account compromise is the act of maliciously gaining control over a legitimate user's email or cloud service account, giving the attacker wide-ranging access to data, contacts, calendar entries and email. Beyond the compromised user's data, the attacker can use the account to impersonate the user in social engineering attacks both inside and outside of the organization. These include BEC, supply-chain attacks and more.

Threat actors can access sensitive data, persuade users or outside business partners to wire money or damage an organization's reputation and finances. Worse, they can also install backdoors to maintain access for future attacks.

Anatomy of an account takeover

Here's how most cloud account takeovers play out.

Credential theft. The attacker gains access to the user's credentials through credential phishing (which alone accounts for about two-thirds of all phishing volume), brute-force password attacks, credential restuffing/recycling or credential-stealing malware.

Infiltration. Once logged into the user's account, the attacker has access to the victim's email, contacts, calendar and files. The attacker can steal this data directly or use it to convincingly impersonate the user. Some fraudsters may respond to existing email threads or send draft emails with malware or unsafe URLs to colleagues and outside business partners. Posing as the compromised users, others may target people inside and outside the company with fake invoices or payment rerouting instructions. The attacker may also upload malware into corporate file-shares or sabotage the company in other ways.

Persistence. Often, the attacker stealthily sets up auto-forwarding rules that provide access to the user's email even if the user changes the password. Being able to see all incoming email and calendar invites gives the attacker key details for future impersonation attacks.

SECTION 2: How the Threat Landscape Has Changed

Today's remote and hybrid workforces are powered by cloud and mobile technologies. The hardened perimeters and traditional network structures of the past are all but gone. People are the new perimeter. Unfortunately, most security budgets, tied to other priorities and product categories, haven't kept up.

Attackers target people, not infrastructure

Even as organizations spend billions every year to shore up their infrastructure, they may be neglecting the people-based security risks that matter most. People are the easiest and most lucrative entry point into your environment. According to the “Verizon Data Breach Investigations Report,” a whopping 85% of data breaches involve people.[12] Your users are under a constant barrage of unsafe hyperlinks, malicious attachments, credential theft, social engineering schemes and impostor threats.

Attacks often span multiple vectors

Targeting people means engaging them on the tools and platforms they use. Where users go, attackers follow.

Modern workflows are dynamic and unpredictable. Users may start a conversation in email, schedule a follow-up meeting in their chat application and collaborate on files stored in the cloud.

Modern attacks are also dynamic and unpredictable. They play out over multiple channels, use a mix of tactics and tools and piggyback on all the platforms people use to get their work done. An attack may start with email and link to malware hosted on a file-sharing site. Or a rogue cloud app may steal credentials to compromise a legitimate account and use it to launch BEC attacks.

The challenge is only growing. Often, an advanced threat actor creates the malware “product” and sets up the infrastructure as an easy-to-use package or service. Lower-level cyber criminals may rent the service for their attacks, paying to use it for a set period of time or getting a cut for each successful compromise. In other cases, they act as distributors, sending out emails with the malware and earning a commission on each successful infection.

[Charts: Volume of Smishing Attacks; Volume of Social Media Attacks; Volume of Vishing; Volume of Malicious USB Drops. Legend: No attacks, 1-10, 11-50, 50+, Total unknown. Source: 2022 State of the Phish]

- 74% of organizations faced smishing attacks in 2021
- 74% of organizations saw social attacks in 2021
- 69% of organizations faced vishing attacks in 2021
- 64% of organizations saw USB-based attacks in 2021

[12] Verizon. “Data Breach Investigations Report Executive Summary.” May 2021.

Defending every vector is not enough

Organizations may understand the multifaceted, people-centric nature of today's threats and invest in security tools to cover every potential risk. But unless those tools are working together in a coordinated fashion, they can't offer the visibility and insight security teams need to manage risk.

Imagine a squad of soccer superstars who won't practice together, an orchestra of virtuosos who don't hear the other instruments, or a surgical team that can't agree on patient care. No matter how skilled each individual is, they're not nearly as effective as a well-coordinated whole.

Today's attackers combine techniques for more sophisticated attacks. Standalone point-product tools create needless complexity for security teams struggling just to manage the current risk. That's why true people-centric security requires a holistic, coordinated approach.

SECTION 3: Focus on Your Riskiest Users

The first step to protecting users is identifying which ones pose the most risk. While every organization may weigh various risk factors differently, all should comprise some combination of vulnerability, attacks and privilege.

Vulnerability is a way of determining who's most likely to fall victim to a threat. An attack analysis can reveal who in your organization is being targeted, how heavily and by what types of threats. And privilege can help predict how harmful a successful attack would be to the organization.

Focus on users who represent a higher-than-normal risk based on any combination of these factors. Their status calls for extra attention by the security team and stakeholders who should know how and why they're at risk.

This level of visibility in all three areas is essential to people-centric security. Without it, organizations have no way of knowing who needs additional layers of security or how best to protect them.

Vulnerability: how people work and what they click

Quantifying vulnerability isn't easy with traditional technology-focused security tools. But with a people-centric approach, you can measure how they work and what they click. How they work encompasses the tools, systems and platforms they use to do their job. What they click is a measure of their security awareness and propensity to fall for likely threat tactics.

How your people work

You can get a general sense of user vulnerability by assessing what tools, platforms and apps they use. These may include:

- What cloud apps they use and whether those apps are vetted by the IT department
- How many and what devices they use to access email
- Whether those devices are secure
- Whether the user practices good digital hygiene such as strong, unique passwords and keeping software up to date
- Whether they use multifactor authentication consistently for corporate access and even personal accounts

The more granular your visibility, the better.

What your people click

Vulnerability can be measured more precisely with security education, simulated phishing and how they respond to actual threats.

Security awareness training, an essential layer of any effective security strategy, can offer insight into which users are the least prepared to recognize, resist and report cyber threats. In general, users who score poorly on training exercises, or haven't completed them, are more vulnerable than high scorers.

Short of letting attackers in and seeing who clicks a link, fills out a form or opens a file, phishing simulations are one of the most powerful ways to gauge this aspect of vulnerability.

Finally, and most importantly, track users who engage with known malicious emails, even when the click is blocked, isolated or rewritten. This real-world data combined with security awareness information gives you a holistic view into email vulnerability by tracking education completion, phishing simulations and engagements with real malicious messages.

[Diagram: Attacks (targeted by threats); Vulnerabilities (work in high-risk ways); Privilege (access to valuable data/systems)]

Phishing template types, average failure rates: Link 11%, Data Entry 4%, Attachment 20%. Source: 2022 State of the Phish

Attacks: how people are targeted

Every cyber attack is potentially harmful. But some are more dangerous, targeted or sophisticated than others. That's why measuring this aspect of risk might be trickier than it seems.

Indiscriminate “commodity” threats might be more numerous than other kinds of threats. But they're well understood and more easily blocked. Other threats might appear in only a handful of attacks. But they can pose a more serious danger because of their sophistication or the people they target. Knowing the difference is critical to identifying users who are a higher risk. At Proofpoint, we call these users “Very Attacked People” (VAP).

Having a complete view of all email traffic and tying this to rich threat intelligence are keys to quantifying who is being targeted and how heavily. The factors that should weigh most heavily in each user's assessment include:

- The cyber criminal's sophistication
- The spread and focus of attacks
- The attack type
- Overall attack volume

You should also weigh these factors in context of what departments, groups or divisions the individual user belongs to. For instance, some users might seem not at risk based on the volume or type of malicious email sent to them directly. But they may actually represent a higher risk because they work in a highly attacked department, and are therefore more likely to be a key target in the future.

Good threat intelligence can determine what tools attackers are using and tie seemingly discrete incidents to larger campaigns.

Privilege: what people have access to

Measuring user privilege starts with taking an inventory of all the potentially valuable things people have access to: data, financial authority, key relationships and more. You should know where your most sensitive data lives and who and what apps have access to it. Users with access to critical systems or proprietary intellectual property, for instance, might need extra protection, even if they aren't especially vulnerable or aren't yet on attackers' radars.

The user's position in the org chart is naturally a factor in scoring privilege. But it's not the only factor, and often not even the most important one. An administrative assistant might make a more appealing target than a mid-level manager for corporate espionage because the assistant has access to the CEO's calendar. In the same way, a hospital nurse with access to patient records might be a more useful target than the CEO for identity thieves. For attackers, a valuable target can be anyone who serves as a means to their end.

Protecting high-privilege users from outside attacks is critical. Just as important is protecting your organization from high-privilege users. In the wrong hands, insider access might be misused through malice, negligence or compromise. Compromised accounts could export sensitive files or attempt to compromise or defraud other internal users.

SECTION 4: Building a People-Centric Defense

A people-centric approach keeps everyone protected by applying controls that correspond to their level of risk. And it works in a unified way across every platform people use, against every tactic attackers employ and within every threat vector that matters.

Base layer: security for everyone

Because email attacks come in many forms, you need a defense that stops the entire gamut of email threats, not just some of them. Here are the most essential steps to an email defense built for modern threats:

- Stop malicious attachments and URLs before they reach users' inboxes.
- Stop payload-free impostor threats such as BEC and other scams, including those coming from compromised email accounts within your own organization and from suppliers.
- Secure users' web browsing and personal email with web and personal email isolation.
- Make users more resilient with security awareness training and contextual clues.
- Apply controls such as web isolation to keep users' potentially unsafe browsing habits separate from your environment.
- Factor data protection into your email security strategy.

Stop malicious attachments and URLs before they reach users' inbox

Most cyber attacks rely on the intended victim doing something, in many cases opening an attachment or clicking a URL. But these human-activated attacks can't succeed if the intended victim never sees the message.

That's where advanced email security protection comes in. By stopping malicious payloads before they reach users' inboxes, an effective solution can protect against a wide range of malware threats, including ransomware, banking Trojans, remote-access Trojans, information stealers, downloaders, botnets and more.

Stop hard-to-detect impostor threats

Stopping malware is critical, but some of the most damaging email attacks don't use payloads at all. Instead, they rely on social engineering. BEC, a type of wire-transfer fraud, is one example. BEC attacks have been reported in all 50 states and 177 countries, with fraudulent transfers sent to at least 140 countries, according to the FBI.[13]

In BEC and other forms of email fraud, the scammer impersonates someone the recipient can trust using a spoofed, compromised or lookalike email account. Under that false identity, the attacker asks the victim to do something on the attacker's behalf: say, wire money to an overseas bank account, send sensitive files and more.

Impostor threats are a complex problem with many facets. To stop them, you need a layered defense that secures inbound, outbound and internal email, and works in a holistic, cohesive way.

[13] FBI. “Internet Crime Report 2020.” March 2021.

Along with user education and other security controls described in this section, here are key elements of an impostor email defense.

DMARC

Deploy Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication. DMARC is an internet-wide policy that validates that the email sender is who they say they are and that they're authorized to send on the organization's behalf. With DMARC, you get visibility into all the email being sent using your email domain, including trusted third-party senders such as Marketo, Salesforce and others. With this visibility, you can authorize all valid senders trying to send email on your behalf, and block anyone using your trusted domains to steal money or hurt your brand.

Dynamic classification

While DMARC can help stop threats that spoof your domain, attackers use other techniques to trick users. That's why another critical component of stopping non-malware threats is dynamically analyzing and classifying the content of the emails. This aspect of email security is all about parsing what's in the email, not just where it comes from. That's why you need email security that can look for telltale signs of fraud and block or further study anything that looks unsafe.

Dynamic classification analyzes and manages email based on several factors, including:

- The email's header, IP address and sender reputation
- Machine learning-driven content analysis looking for reply-to pivots, words and phrases
- The relationship between the sender and recipient
- Context about sender, such as whether it appears to be impersonating a known supplier

Internal email defense and supplier risk insights

In some cases, attackers don't try to disguise their email address at all; they just take over a legitimate account at the organization or a supplier or partner. Email account compromise (EAC) can be used in a wide range of attacks, but it's an especially potent impostor tactic. That's because:

- Most organizations don't subject internal email to the same levels of scrutiny and security controls as external email
- Most users inherently trust email from people they know
- Attackers who take control over an account have access to a trove of information about the compromised user: who they correspond with, what they discuss and even their writing style. These details make the impersonation especially convincing.

Protecting internal users, as well as context about supplier risk, is essential to effective email security.

Make users more resilient with security awareness training

Cyber attackers have grown ruthlessly effective at exploiting human nature with convincing spoofing techniques, attention-grabbing subject lines and hard-to-resist calls to action. Many of these emails aren't clicked just by the recipient but forwarded and clicked by others.

Security awareness training, especially as the backbone of a pervasive security culture, can go a long way toward making users a strong last line of defense. But it has to be targeted, ongoing and timely to make an impact with users. Generic annual training won't move the needle in changing behavior or building a security culture.

Email tags that give users contextual clues about the nature of the message can also help them spot and report potential threats. For example, a tag that lets the user know that the email is coming from an external address or that the email domain is confusingly similar to that of a trusted brand can help them spot potential phishing.

Web and email isolation is another control that can be applied to automatically contain and scan clicks from messages that may lead to fake credential sites, malicious attachments or URLs that contain malware or other threats. This can be applied to your most at-risk users, VIPs or a broader user population based on risk.

Protect data from breaches and insider threats

No email defense can stop every threat. And even among the best-trained workforce, some users may fall for targeted social engineering attacks. That's why every email defense should include data loss prevention (DLP) tools, including encryption. Even when something goes wrong, a fast response and DLP ensure that the attack doesn't spread and that attackers don't get your most sensitive data.

DLP is also a useful defense against insider threats. No one likes to think of their colleagues as a potential security foe. But insider threats, including workers who are careless, criminal or compromised, caused an average of $15.4 million in damage per organization in 2021.[14]

Whether data exits your environment through an external breach or insider attack, DLP helps keep it secure.

[14] Ponemon. “2022 Cost of Insider Threats Global Report.” January 2022.

Adaptive layer: adaptive controls for riskier users

A well-honed people-centered protection recognizes that some users need additional security layers and controls. These users may be more vulnerable to falling victim to attacks. They may be more heavily targeted in attacks. They may have high user privileges to sensitive data and systems. Or they may have any combination of the three that results in higher overall risk.

Here are essential controls for riskier users:

- Targeted security awareness training
- Adaptive, risk-based protections such as step-up authentication, web and URL isolation
- Compromise (takeover) protections for cloud-based accounts

Targeted security awareness training

Company-wide security awareness training is useful for revealing vulnerabilities and reducing your human attack surface. Beyond shoring up obvious gaps, targeted training can also be a helpful preventative measure for all risky users, not just those who rank high on the vulnerability component.

Users who pose a higher risk because of their attack profile, for instance, can get training on the very threats that are targeting them. And users with high privileges can get extra training related to attack campaigns targeting the data they have access to.

Adaptive, risk-based controls

Applying the most stringent security controls to all users all of the time just isn't practical for most organizations. It could even backfire. Needlessly tight controls can hinder users' productivity and might drive them to turn to security workarounds just to do their job.

But sometimes, that extra layer of security is necessary. A frontline worker might be especially prone to an attack making the rounds in your industry. A researcher might be targeted by an especially sophisticated attacker. Or a CEO, because of the nature of the job, might have access to the organization's most sensitive data.

In some cases, you may need to step up authentication requirements. In other cases, you may need to use web isolation for any URLs the user clicks from email. Whatever form they take, the key to adaptive protections is having a timely picture of the VAP-related risk factors and applying controls that are proportional to those risks.

Account protections for cloud-based accounts

To a cyber criminal, a compromised account is practically a license to steal. A compromised account can be used in all sorts of malicious ways. By gaining control of the right user's access, the intruder can move laterally within your environment, steal data or dupe your business partners and customers. That's why protecting email accounts, especially cloud-based accounts, is critical.

Response layer: stopping threats faster and more efficiently

Security incidents are inevitable. But they don't have to be catastrophic. When an attack gets through, how quickly you can contain and remediate the damage can mean the difference between a short-lived incident and long-lasting impairment. That's why a vigorous response framework is a key part of every people-centric security posture.

At many organizations, incident response can be a slow, labor-intensive process that includes:

- Investigating and verifying the incident
- Quarantining unsafe email
- Containing the threat
- Determining the cause and scope
- Remediating infected systems

All of these steps are critical to an effective response. But as security leaders know all too well, performing them manually doesn't scale.

That's where automation can help. Effective response processes automate labor-intensive tasks such as correlating and analyzing security alerts, verifying indicators of compromise (IOCs) and collecting forensic data. Automation can also help with remediation efforts such as updating firewall and email blocklists, pulling malicious email from inboxes, and restricting account access of affected users.

Used strategically, automation speeds up your incident response and frees up your security staff to focus on the things people do best. Rather than being reactive to an onslaught of threats, they can apply proactive protection measures.

How artificial intelligence and machine learning can help

Attackers target people. They exploit people. And ultimately, they are people. Stopping them requires modern solutions that can adapt to the way humans act. That's why ML is a critical component in any people-centric security strategy. ML is faster and more effective than manual human analysis. And unlike traditional rule-based algorithms, it can quickly adapt to new and evolving threats and trends.

ML vs. BEC

Take BEC as an example. BEC supplier invoicing fraud attacks are sophisticated and complex schemes to steal money. They work by either presenting a fraudulent invoice as legitimate or by re-routing the payment to a bank account controlled by the attacker. Traditional security tools struggle with this type of attack due to two factors: such attacks are highly targeted and contain no payload.

ML can dynamically analyze a wide range of message attributes, including header information, domain and message body, to detect an impostor message or compromised supplier.

Analyzing credential phishing

Credential phishing attacks are another example. These socially engineered attacks often use knockoff log-in sites to trick victims into entering their credentials. Often, they're so well designed that human viewers can't tell the difference. But using ML and computer vision to quickly scan and analyze URLs, modern security tools can spot and block any emails that point to the counterfeit sites. ML can detect risky URLs, even if they're newly-registered, are being hosted by file-sharing sites or use advanced evasion techniques like CAPTCHA.

Garbage in, garbage out

Unlike standard rule-based software systems, ML behavior is derived from data and is not hand-coded. That means ML systems are only as good as the people who train them and the data they use.

When evaluating vendors that tout their ML features, look for ML-based models trained with large sets of threat data. The data should include threat insight gleaned from leading enterprises in the Fortune 100, Fortune 1000 and Fortune Global 2000 and as many internet service providers and small and mid-size businesses as possible. And it should span multiple attack vectors such as email, cloud, network and social media. These channels are critical as attackers augment their arsenal beyond email-based threats.

And don't forget the role of skilled threat researchers in training ML models. Even the best data scientists can't build

113、an effective ML model alone.They need the domain expertise that comes with having a deep background in threat research and analysis.212022 THE DEFINITIVE EMAIL CYBERSECURITY STRATEGY GUIDE EBOOKCHECKLISTWhat to Look for in a Security SolutionPeople-centric security is more than a marketing buzz-word

114、its a fundamentally new way of looking at threats and how to stop them.It starts with the right approach but also requires the tools and capabilities.222022 THE DEFINITIVE EMAIL CYBERSECURITY STRATEGY GUIDE EBOOKHeres a checklist of what to demand in people-centric security solutions.A unified,integ

115、rated and scalable platformA people-centric security solution is more than the sum of its parts.Point solutions may solve some aspects of your security problem.But combating modern threats requires a holistic,integrated approach that addresses every tactic,tool and vector attackers useacross every d

116、evice,platform and channel your people use.Unintegrated security products with multiple consoles means more time and resources wasted with overlapping and convoluted workflows.Security teams get a fragmented view of threats,needless busywork and more management complexity.Look for solutions that cov

117、er a broad range of threats and work with your broader security ecosystem.Depending on your organization,these might include components such as next-generation firewalls,security information and event management(SIEM)and identity management tools.Effective security for all usersThe best way to thwar

118、t email attacks is to take a layered approach long recommended by Gartner and other experts.Ensure you cyber defenses can mitigate:Spam and unwanted bulk mail Attacks that use malicious attachments and URLs Payload-free attacks such as BEC EAC and cloud-account takeoversPeople play the biggest role

119、in todays email attacks.Thats why security awareness training should be a key part of your email security strategy.Make sure your training program includes the following:Bite-sized training to ensure engagement and behavior change Phishing simulations modeled on real-world campaigns to train users o

120、n the threats theyre most likely to face Ongoing data-driven education for vulnerable users who are targeted by attackers or engage with real phishing messages Email tags that alert users to be careful with suspicious messages,with built-in reporting mechanisms and feedback to users232022 THE DEFINI

121、TIVE EMAIL CYBERSECURITY STRATEGY GUIDE EBOOKTo secure data that is stolen,mistakenly shared or maliciously exposed by an insider,encryption and other DLP measures are critical.Effective DLP can:Analyze and classify content in detail and,when needed,block it from being sent through email,transferred

122、 to the cloud or loaded onto a USB device Identify malicious,negligent or compromised users and help IT,HR,legal and security teams take the appropriate action to prevent lasting harm Identify and protect all standard forms of restricted content,such as PCI,HIPAA,FINRA and other regulated material A

123、utomatically reroute,encrypt or reject emails that violate security and other policies and alert the appropriate people within your organizationAdaptive controls for riskier usersHigher-risk usersbased on their vulnerability,attack profile and privilegerequire additional security controls.A people-c

124、entric email security solution helps you identify those VAPs and protect them with extra layers of security.Look for a solution that:Gives you actionable visibility into your VAPs informed by rich,timely threat intelligence and deep insight into users risk profiles Offers reporting tools that make i

125、t easy to surface and communicate users vulnerability,attack profile and privilege,with departmental and industry comparisons Automatically responds to changing user risk profiles with step-up authentication,reduced privileges,URL isolation and moreFast,effective response when something gets through

126、Automating key parts of the incident response process can help streamline critical labor-intensive tasks and free up responders for higher-level activities.Look for automated response tools that:Verify threats,identify affected users and collect forensics data and context around those users Enrich t

127、hreat alerts with actionable intelligence Contain and remediate threats across the environment,in the cloud and on premises.Automated corrective actions may include analyzing user-reported emails,pulling verified threats from email from users inboxes and resetting passwords of compromised accounts.2

128、42022 THE DEFINITIVE EMAIL CYBERSECURITY STRATEGY GUIDE EBOOKABOUT PROOFPOINTProofpoint,Inc.is a leading cybersecurity and compliance company that protects organizations greatest assets and biggest risks:their people.With an integrated suite of cloud-based solutions,Proofpoint helps companies around

129、 the world stop targeted threats,safeguard their data and make their users more resilient against cyber attacks.Leading organizations of all sizes,including more than half of the Fortune 1000,rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical ri

130、sks across email,the cloud,social media and the web.More information is available at .Proofpoint,Inc.Proofpoint is a trademark of Proofpoint,Inc.in the United States and other countries.All other trademarks contained herein are property of their respective owners.PLEARN MOREFor more information,visit .0301-001-01-03 03/222022 THE DEFINITIVE EMAIL CYBERSECURITY STRATEGY GUIDE EBOOK
