PREDICTIVE INTELLIGENCE

Adenike Cosgrove, Cybersecurity Strategy, International, Proofpoint

vulnerabilities. More than 99% of today’s cyberattacks are human-activated. These attacks rely on a person at the other end to open a weaponised document, click on an unsafe link, type their credentials or even carry out the attacker’s commands directly (such as wiring money or sending sensitive files).

Credential phishing, which tricks users into entering their account credentials into a fake login form, is one of the most dangerous examples. In the cloud era, those credentials are the keys to everything – email, sensitive data, private appointments and trusted relationships. In the third quarter of 2018, for example, corporate credential phishing attempts quadrupled vs. the year-ago quarter, according to Proofpoint’s Quarterly Threat Report Q3 2018, and email fraud rose 77% over the same timeframe.

Time to identify your most attacked users

Just as people are unique, so is their value to cyberattackers and risk to employers. They have distinct digital habits and weak spots. They’re targeted by attackers in diverse ways and with varying intensity. And they have unique professional contacts and privileged access to data on the network and in the cloud.

Together, these factors make up a user’s overall risk in what we call the VAP (vulnerability, attacks and privilege) index.

Vulnerability: How your people work

Users’ vulnerability starts with their digital behaviour – how they work and what they click. Some employees may work remotely or access company email through their personal devices. They may use cloud-based file storage and install third-party add-ons to their cloud apps. Or they may be especially receptive to attackers’ email phishing tactics.

Assessing vulnerability that stems from how people work is mostly straightforward – though it’s not always easy, or even possible, with traditional cyberdefences. It starts with knowing what tools, platforms and apps they use.

The second part of measuring vulnerability is figuring out how susceptible your users are to phishing and other cyberattacks. Short of letting attackers in and seeing who opens a malware file or wires money to an attacker (not ideal for obvious reasons), phishing simulations are the best way to gauge this aspect of vulnerability.

Simulated attacks, especially those that mimic real-world techniques, can help identify who’s susceptible and to what tactics. Someone who opens a simulated phishing email and opens the attachment might be the most vulnerable. A user who ignores it would rank somewhat lower. And users who report the email to the security team or email admin would be deemed the least vulnerable.
All cyberattacks are not created equal

While every attack is potentially harmful, some are more dangerous, targeted or sophisticated than others.

Indiscriminate 'commodity' threats might be more numerous than other kinds of threats. But they’re usually less worrisome because they’re well understood and more easily blocked. Other threats might appear in only a handful of attacks. But they can pose a more serious danger because of their sophistication or the people they target.

Rich threat intelligence and timely insight are the keys to quantifying this aspect of user risk. The factors that should weigh most heavily in each user’s assessment include: the cybercriminal’s sophistication, the spread and focus of attacks, the attack type and overall attack volume.

You should also weigh these factors in the context of what departments, groups or divisions the individual user belongs to. For instance, some users might seem not at risk based on the volume or type of malicious email sent to them directly. But they might actually represent a higher risk because they work in a highly attacked department – and are therefore more likely to be a key target in the future.
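The scoring idea described above (simulation outcome as the vulnerability rank, weighted attack factors, and a department-level uplift for users in heavily attacked groups) as a small worked example. This is an added illustration, not Proofpoint's VAP implementation: the numeric scales, the factor weights, the untested-user prior and the multiplicative combination are all assumptions, and the user population is constructed.

```python
from statistics import mean

# Simulation outcomes ranked as the article describes; the numeric scale is assumed.
SIM_OUTCOME = {"reported": 0.2, "ignored": 0.6, "opened_attachment": 1.0}

# The four attack-side factors the article lists, with assumed weights.
ATTACK_WEIGHTS = {"sophistication": 0.4, "focus": 0.3, "type_severity": 0.2, "volume": 0.1}

def vulnerability_score(outcomes):
    """Worst observed behaviour dominates: one opened attachment outweighs earlier reports."""
    if not outcomes:
        return 0.5  # assumed prior for a user who has never been tested
    return max(SIM_OUTCOME[o] for o in outcomes)

def attack_score(factors):
    """Weighted sum of factor ratings, each pre-normalised to the 0..1 range."""
    return sum(w * factors.get(k, 0.0) for k, w in ATTACK_WEIGHTS.items())

def contextual_attack_score(user, users):
    """A user is treated as at least as exposed as the average of their department."""
    dept = [attack_score(u["attacks"]) for u in users if u["dept"] == user["dept"]]
    return max(attack_score(user["attacks"]), mean(dept))

def vap_score(user, users):
    """Assumed combination: likelihood (vulnerability x attacks) times impact (privilege)."""
    return vulnerability_score(user["sim"]) * contextual_attack_score(user, users) * user["privilege"]

def rank_users(users):
    """Names ordered from highest to lowest VAP-style risk."""
    return [u["name"] for u in sorted(users, key=lambda u: vap_score(u, users), reverse=True)]

# Constructed sample population (not real data). bob receives little direct attack
# traffic but sits in a heavily attacked department and opened a simulated attachment.
USERS = [
    {"name": "alice", "dept": "finance", "sim": ["reported"], "privilege": 0.9,
     "attacks": {"sophistication": 0.9, "focus": 0.8, "type_severity": 0.7, "volume": 0.6}},
    {"name": "bob", "dept": "finance", "sim": ["ignored", "opened_attachment"], "privilege": 0.5,
     "attacks": {"sophistication": 0.1, "focus": 0.1, "type_severity": 0.2, "volume": 0.1}},
    {"name": "carol", "dept": "marketing", "sim": [], "privilege": 0.2,
     "attacks": {"sophistication": 0.2, "focus": 0.1, "type_severity": 0.3, "volume": 0.9}},
]

if __name__ == "__main__":
    for u in USERS:
        print(f"{u['name']:6} direct={attack_score(u['attacks']):.2f} "
              f"contextual={contextual_attack_score(u, USERS):.2f} VAP={vap_score(u, USERS):.3f}")
    print("ranked:", rank_users(USERS))
```

Running it ranks bob above alice even though alice draws far more direct attack traffic, which is the department-context effect the article describes.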
Issue 12 | www.intelligentciso.com