Most organizational information security efforts today are directed towards peripheral protection. 61% of the total expenses invested by information security professionals are in communication and about 20% in End Point, leaving a very small remaining investment in protecting the activities of end users. Proofpoint decided that the time has come to change the traditional peripheral approach in favor of a human-based protection. This decision relies primarily on a single troubling fact: About 96% of the attacks on organizations today target the human factor and their success is a result of users “cooperation”.
It is difficult to remain indifferent to the above fact, which points to a simple conclusion: due to recent and ongoing improvements of information security products, Cyber Criminals no longer search for technological weak points. Rather, they search for “the next human error”, which is just around the corner.
Attackers’ Social Engineering technologies have become well-known in the Cyber world, due mainly to the vast information to be found in social networks. Today it is very easy to identify the people filling key positions in the organization, and the path to reach them has become simpler than ever before. Attackers mark “human goals” and study them well (hobbies, personal pastimes, etc.), so that the bait becomes much easier to set and much more believable.
As attackers are well aware, many of the key personnel in the organization (VIP – Very Important People) lack the required tools for coping with attack situations. Through the VIP the attacker may succeed in entering the organization’s most classified areas. In addition, Proofpoint has coined the term VAP (Very Attacked People), meaning employees who are highly sought after as attack targets, although they are not VIP. These may include the CEO’s secretary, who holds many permissions and attacking her may bring substantial benefit to the attacker.
This is why Proofpoint has decided that the best protection should center on the human factor. Proofpoint provides extensive information as to the breakdown of attacks made against the organization (which in over 90% of cases occur through email), enabling information security managers to pinpoint the most attacked targets and protect them more rigidly and even provide them with the tools and knowledge needed for coping with such situations.
In our upcoming lecture, Ben Kapuler, Sales Israel at Proofpoint, will share this unique approach, review the various products and describe the huge benefits of looking at the human factor, which today has become central.
People centric: Protecting the human weaknesses
