As one year passes into the next, many of us take that time to reflect on the past, plan for the future and resolve to be as focused and effective as possible in the coming year. If you share that mindset, the following three predictions—paired with accompanying security awareness training resolutions—will help you take a more people-centric approach to cybersecurity in 2020 (and beyond).
1. A Focus on Real-World Threats
Workers and consumers alike have access to an ever-expanding arsenal of technical resources—from cloud apps to IoT devices and everything in between. But with each connected asset comes another potential point of compromise. And cybercriminals are constantly evolving, putting a fresh spin on tried-and-true techniques to make lures appear logical, relevant and credible.
As such, infosec and training teams are feeling the pressure to educate users about these more sophisticated, targeted threats—often without being allocated more time for security awareness training efforts.
Resolution: Use threat intelligence to guide assessments and training
Yes, some security awareness training is better than no security awareness training. But efforts that trend toward “checking the box” will not yield the behavior change you seek. Instead, your program should combine broad, foundational cybersecurity education with training that addresses weaknesses and attacks that are specific to your organization.
Here are a few ways to do that:
- Tap into your threat intelligence and identify your Very Attacked People™ (VAPs). It’s valuable to know who is being targeted and the ways attackers are trying to compromise your organization. Use this information to deliver the right training to the right people at the right time.
- Use tools like our Attack Spotlight to quickly alert end users to trending attacks identified by Proofpoint researchers.
- Send simulated phishing attacks that mimic trending attacks. Pay particular attention to lures that imitate brands widely used within your organization (like OneDrive, Office 365 and DocuSign). Use a feature like our Auto-Enrollment to automatically deliver training related to that topic to any user who falls for the attack.
2. Continued Issues With BEC and EAC
Business email compromise (BEC) and email account compromise (EAC) aren’t going anywhere. Together they are a multi-billion-dollar, global problem affecting organizations of all sizes and in every industry. Spoofing techniques have a long record of tricking end users, and account takeovers and attackers’ abuse of legitimate services only compound the problem.
Resolution: Ramp up training efforts around BEC and EAC
You simply cannot leave this to chance. Users must be made aware of these threats and taught that once credentials are compromised, the attacker’s messages genuinely originate from a legitimate account: they carry the real sender’s address and pass the email authentication checks (SPF, DKIM and DMARC) that would flag a spoofed sender, so nothing in the message itself looks wrong.
It’s particularly critical that any employees and third-party affiliates who request or execute wire transfers understand how to identify these attacks and prevent financial loss. This includes C-Suite members. Verification that takes place outside of email, such as a call to a phone number already on file (never one supplied in the message) or a verbal exchange of closely guarded passphrases, is a relatively low-tech way to thwart these sophisticated attacks, and it works even when the requesting account is real.
3. Greater Reliance on End Users as a Last Line of Defense
Email protection tools and other technical safeguards continue to evolve and become better at blocking attacks. But they aren’t foolproof. As such, organizations rely on end users to identify phishing attacks that slip through perimeter defenses. To serve as an effective last line of defense, users not only need to be able to identify suspicious messages, they need to know how to easily and efficiently alert infosec teams to suspected attacks.
Resolution: Implement a “quick click” reporting tool
Vigilant employees absolutely can spot malicious emails, and it’s to organizations’ advantage to automate reporting and analysis. Our PhishAlarm® in-client reporting button gives users the ability to quickly forward emails to predefined inboxes with the original headers intact. (An ordinary forward composes a new message from the reporting user, which discards the Received, Return-Path and Authentication-Results headers that analysis depends on.) PhishAlarm Analyzer automatically evaluates reported messages and identifies those that are most likely to be dangerous. This allows response teams to focus on the most pressing threats.
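As an added example (this is not PhishAlarm Analyzer’s or CLEAR’s logic, and it is not code from Proofpoint), the following Python script shows the kind of triage that intact headers make possible on a reported message, and why those same checks come back clean for the EAC case described under resolution 2. The trusted domain `example.com`, the protected name “Jane Doe”, and both sample messages are constructed for the illustration; a real analyzer would use a proper confusables table and far richer signals.

```python
"""Header-based triage of user-reported phishing messages (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organisation's own mail domain and the names
# a BEC lure is most likely to borrow (the "Very Attacked People").
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe"}
URGENT_WORDS = re.compile(r"\b(wire|transfer|urgent|gift cards?|invoice|payment)\b", re.I)


def domain_of(addr: str) -> str:
    """Lowercase domain part of an RFC 5322 address, or '' if absent."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def looks_alike(domain: str, trusted: str) -> bool:
    """Crude lookalike test: same length, exactly one differing character
    (examp1e.com vs example.com)."""
    if domain == trusted or len(domain) != len(trusted):
        return False
    return sum(a != b for a, b in zip(domain, trusted)) == 1


def triage(raw: str) -> list[str]:
    """Return the suspicious indicators found in one reported message."""
    msg = message_from_string(raw)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display-name spoofing: a protected name on an address outside our domain.
    if display.strip().lower() in PROTECTED_NAMES and from_domain not in TRUSTED_DOMAINS:
        findings.append(f"display-name spoof: '{display}' from {from_domain}")

    # 2. Lookalike sender domain.
    for trusted in TRUSTED_DOMAINS:
        if looks_alike(from_domain, trusted):
            findings.append(f"lookalike domain: {from_domain} ~ {trusted}")

    # 3. Reply-To steering replies somewhere other than the visible sender.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to mismatch: {from_domain} -> {reply_domain}")

    # 4. Envelope sender (Return-Path) disagreeing with the header From.
    return_domain = domain_of(msg.get("Return-Path", ""))
    if return_domain and return_domain != from_domain:
        findings.append(f"return-path mismatch: {from_domain} vs {return_domain}")

    # 5. Authentication results stamped by our own inbound gateway.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail)\b", auth, re.I):
            findings.append(f"{mech} not passing")

    # 6. Payment-themed urgency in subject or body.
    body = msg.get_payload(decode=True) or b""
    if URGENT_WORDS.search(msg.get("Subject", "") + " " + body.decode("utf-8", "replace")):
        findings.append("payment/urgency language")
    return findings


# Constructed sample 1: classic BEC spoof of the CEO from a freemail address.
SPOOFED = """\
Return-Path: <bounce@mailer-svc.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer-svc.net; dkim=none; dmarc=fail header.from=gmail.com
From: Jane Doe <jane.doe.ceo@gmail.com>
Reply-To: <jd.private@mailer-svc.net>
To: accounts@example.com
Subject: Urgent wire transfer before 5pm
Content-Type: text/plain; charset=utf-8

I am in a meeting and cannot talk. Please process the attached invoice today.
"""

# Constructed sample 2: EAC, sent from a colleague's genuinely compromised
# mailbox. Every header check passes; only the content hints at fraud.
COMPROMISED = """\
Return-Path: <john.roe@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: John Roe <john.roe@example.com>
To: accounts@example.com
Subject: Updated bank details for vendor payment
Content-Type: text/plain; charset=utf-8

Our vendor moved banks. Please use the new account on the next payment run.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(label, triage(sample))
```

The spoofed message trips five indicators; the EAC message trips only the content check, which is exactly why the out-of-band verification described under resolution 2 has to sit alongside any automated analysis.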
In addition to automating distribution and analysis of reported messages, we also suggest automating remediation of these emails. Our Closed-Loop Email Analysis and Response (CLEAR) solution is a valuable time-saver for response teams. It combines the capabilities of PhishAlarm, PhishAlarm Analyzer and Threat-Response Auto-Pull (TRAP), reducing time spent on reporting, analyzing and remediating potentially malicious emails from days to minutes.