click. Some employees may work remotely
or access company email through their
personal devices. They may use cloud-
based file storage and install third-party
add-ons to their cloud apps. Or they may
be especially receptive to attackers’ email
phishing tactics.
Assessing vulnerability that stems from
how people work is mostly straightforward
– though it’s not always easy, or even
possible, with traditional cyberdefences. It
starts with knowing what tools, platforms
and apps they use.
The second part of measuring vulnerability
is figuring out how susceptible your users are
to phishing and other cyberattacks. Short of
letting attackers in and seeing who opens a
malware file or wires money to an attacker
(not ideal for obvious reasons), phishing
simulations are the best way to gauge this
aspect of vulnerability.
Simulated attacks, especially those that
mimic real-world techniques, can help
identify who’s susceptible and to what
tactics. Someone who opens a simulated
phishing email and opens the attachment
might be the most vulnerable. A user who
ignores it would rank somewhat lower. And
users who report the email to the security
team or email admin would be deemed the
least vulnerable.
FEATURE: RETHINKING SECURITY
You should also weigh these factors in
context of what departments, groups or
divisions the individual user belongs to. For
instance, some users might seem not at risk
based on the volume or type of malicious
email sent to them directly. But they might
actually represent a higher risk because they
work in a highly attacked department – and
are therefore more likely to be a key target in
the future.
Privilege
Privilege measures all the potentially
valuable things people have access to,
such as data, financial authority, key
relationships and more. Measuring this
aspect of risk is key because it reflects the
potential payoff for attackers – and harm
to organisations if compromised.
Users with access to critical systems
or proprietary intellectual property, for
instance, might need extra protection,
even if they aren’t especially vulnerable or
aren’t yet on attackers’ radar. The user’s
position in the org chart is naturally a factor
in scoring privilege, but it shouldn’t be the
only one.
For attackers, a valuable target can be
anyone who serves as a means to their
end. That’s why your executives and other
VIPs may not be the biggest targets in your
organisation. According to our research,
individual contributors and lower-level
managers account for more than two-thirds
of highly targeted threats.
All cyberattacks are not created equal
While every attack is potentially harmful, some are more dangerous, targeted or sophisticated than others.
Indiscriminate ‘commodity’ threats might be more numerous than other kinds of threats. But they’re usually less worrisome because they’re well understood and more easily blocked. Other threats might appear in only a handful of attacks. But they can pose a more serious danger because of their sophistication or the people they target.
Rich threat intelligence and timely insight are the keys to quantifying this aspect of user risk. The factors that should weigh most heavily in each user’s assessment include: the cybercriminal’s sophistication, the spread and focus of attacks, the attack type and overall attack volume.
Mitigating end-user risks:
A blueprint for people-centric protection
Protecting against all the factors that play into user risk requires a multi-pronged approach. It means reducing your users’ vulnerability by making them more aware of the risk with effective, hands-on cybersecurity awareness training based on active, real-world attack techniques. It also means stopping the whole spectrum of threats – ideally, before they reach the inbox. And it means monitoring and managing their network privilege to prevent unsanctioned access to sensitive information.
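The three risk factors the article describes (vulnerability measured from phishing-simulation outcomes and working habits, privilege measured from what a user can reach, and an attack index built from threat-intelligence factors) can be combined into a simple prioritisation score. The following is an added illustration, not Proofpoint’s scoring model or any code from the article; the weights, the department attack rates, the access labels and the three sample users are all constructed for the example. It also shows the article’s claim that a junior finance user can outrank a VP once department context and privilege are weighed.

```python
"""Toy people-centric risk scoring (constructed example, not Proofpoint's model)."""
from dataclasses import dataclass
from enum import IntEnum
from statistics import mean


class SimOutcome(IntEnum):
    """How a user handled a simulated phishing email, least to most vulnerable."""
    REPORTED = 0            # reported it to the security team or email admin
    IGNORED = 1             # did nothing
    CLICKED = 2             # followed the link
    OPENED_ATTACHMENT = 3   # opened the attachment


@dataclass
class User:
    name: str
    department: str
    sim_results: list       # SimOutcome values from past simulations
    remote_or_byod: bool    # works remotely or reads company mail on a personal device
    third_party_addons: int # add-ons installed into cloud apps
    access: set             # labels for the sensitive things the user can reach
    manager_level: int      # 0 = individual contributor, higher = more senior


@dataclass
class Threat:
    """One observed threat against a user (constructed threat-intel record)."""
    actor_sophistication: int   # 1 (commodity) .. 5 (targeted, advanced)
    targeted_users: int         # how many users the campaign hit (spread)
    attack_type_weight: float   # constructed: e.g. credential phishing 1.0, BEC 1.5
    volume: int                 # messages in the campaign aimed at this user


# Constructed weights; a real programme would tune these from its own data.
ACCESS_VALUE = {"finance_approver": 3.0, "source_code": 2.5, "customer_pii": 2.0,
                "hr_records": 2.0, "email_only": 0.5}
DEPT_ATTACK_RATE = {"finance": 0.6, "engineering": 0.3, "marketing": 0.1}  # share of attacks


def vulnerability_score(user: User, dept_attack_rate: dict) -> float:
    """0..10: simulation behaviour plus how the user works, uplifted by department context."""
    behaviour = (mean(int(r) for r in user.sim_results) if user.sim_results else 1.5) * 2.0  # 0..6
    exposure = (1.5 if user.remote_or_byod else 0.0) + min(user.third_party_addons, 3) * 0.5  # 0..3
    # A quiet user in a heavily attacked department is still a likely future target.
    context = dept_attack_rate.get(user.department, 0.0) * 2.0                                # 0..2
    return round(min(10.0, behaviour + exposure + context), 2)


def privilege_score(user: User) -> float:
    """0..10: value of what the user can reach; org-chart position counts, but not alone."""
    access_value = sum(ACCESS_VALUE.get(a, 1.0) for a in user.access)
    return round(min(10.0, access_value + min(user.manager_level, 3) * 0.5), 2)


def attack_score(threats: list) -> float:
    """0..10: sophistication, spread/focus, attack type and volume of threats seen against the user."""
    score = 0.0
    for t in threats:
        focus = 1.0 / max(1, t.targeted_users) ** 0.5   # narrow campaigns weigh more than mass spam
        score += t.actor_sophistication * t.attack_type_weight * (0.5 + focus) * (1 + 0.1 * min(t.volume, 20))
    return round(min(10.0, score), 2)


def user_risk(user: User, threats: list, dept_attack_rate: dict) -> dict:
    """Composite 0..10; privilege counts even when the user is not yet on attackers' radar."""
    v, p, a = vulnerability_score(user, dept_attack_rate), privilege_score(user), attack_score(threats)
    return {"user": user.name, "vulnerability": v, "privilege": p, "attack": a,
            "risk": round(0.35 * v + 0.35 * p + 0.30 * a, 2)}


def rank_users(users: list, threats_by_user: dict, dept_attack_rate: dict) -> list:
    """Highest composite risk first: the order in which to apply extra protection."""
    scored = [user_risk(u, threats_by_user.get(u.name, []), dept_attack_rate) for u in users]
    return sorted(scored, key=lambda r: r["risk"], reverse=True)


# Constructed sample population: a VP, an accounts-payable clerk and an engineer.
SAMPLE_USERS = [
    User("alice", "marketing", [SimOutcome.REPORTED, SimOutcome.REPORTED], True, 0, {"email_only"}, 4),
    User("bob", "finance", [SimOutcome.OPENED_ATTACHMENT, SimOutcome.CLICKED], True, 2,
         {"finance_approver", "customer_pii"}, 0),
    User("carol", "engineering", [SimOutcome.IGNORED], False, 1, {"source_code"}, 1),
]
SAMPLE_THREATS = {
    "alice": [Threat(1, 5000, 1.0, 20)],   # commodity campaign sprayed at thousands of users
    "bob": [Threat(4, 3, 1.5, 5)],         # targeted wire-fraud lure sent to three people
}

if __name__ == "__main__":
    for row in rank_users(SAMPLE_USERS, SAMPLE_THREATS, DEPT_ATTACK_RATE):
        print(row)
```

The composite is a weighted sum rather than a product so that a highly privileged user with no observed attacks still surfaces for extra protection, as the privilege section argues; the department uplift in `vulnerability_score` is what lifts the clerk above the engineer and the VP even before the targeted threat is counted.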
www.intelligentcio.com
Adenike Cosgrove, Cybersecurity Strategy,
International, Proofpoint
Today’s cyberattacks are unrelenting, come in many forms and are always changing. It is critical organisations take a truly people-centric approach to cybersecurity to reduce their attack surface. In the current cloud-enabled, mobile, digitally transformed workplace, the antiquated one-size-fits-all cyberdefences of the past simply no longer work.