One Article Review

Source ProofPoint
Identifier 8401441
Publication date 2023-10-27 09:36:08 (seen: 2023-10-27 14:08:15)
Title Beyond the Status Quo, Part 3: How to Reduce Human Risk by Changing Users' Mindsets and Behaviors
Text This is the final installment in a blog series where we cover topics from our Wisdom 2023 sessions. In each blog, we have explored creative techniques for inspiring engagement in security awareness and building a strong security culture. In the first article, we covered how to personalize and invigorate your curriculum for your users using threat intelligence. Then, last week we learned about impactful ways to keep users and security practitioners engaged in continuous learning.

Security teams have long believed that people who take risky actions lack security awareness. So, when users fail trainings or phishing assessments, they assign them more trainings and assessments in the hopes that they will improve. But our recent survey found that the majority of users who took risky action in the past tend to bypass security guidelines on purpose. Given this finding, it would seem that more training alone will do little to help change user behavior.

At our annual customer conference, 2023 Proofpoint Protect, our customer panelists delved deep into the top behaviors that increase risk for companies. They also discussed the reasons that training alone is not as effective as people expect it to be. And they shared various ways to motivate employees to prioritize security and take a holistic approach to reducing people risk. Let's look at some of their key insights and advice.

3 types of users represent the biggest risk

People remain attackers' primary target. Everyone could pose risk to a business, but some users tend to be a higher risk than others. Our panelists called out the following types of users who require extra attention or could use more help or communication:

Click-happy users. Email remains the number one threat vector, and attackers rely heavily on social engineering tactics to target people. So, click-happy users can pose a higher risk to businesses even if they don't have access to critical data or systems.

Negligent users. These employees believe security has nothing to do with them. They see it as someone else's job. And they don't think they play a role in securing the business other than to complete mandatory training assigned to them.

Frustrated users. These employees view security as a barrier. They overlook the importance of following security best practices and try to go around security controls to meet other objectives.

Think outside the box to identify your people risk

The most common ways to identify vulnerable users include conducting a phishing simulation and a knowledge assessment. Our customers told us they went beyond phishing tests and used threat intelligence to better identify risky users and quantify people risk.

They talked about using Very Attacked People™ (VAPs) insights derived from the Proofpoint Aegis threat protection platform to uncover their most attacked users and top clickers. They also reviewed users who repeatedly failed phishing tests, and those who have business privileges to access sensitive data.

Our panelists shared how they factored in the results from gamified training and survey tools to enrich the people risk score. Measuring employees' attitudes toward security can help security teams get an idea of cultural shift.

Nandita Bery, our panelist from Equinix, went above and beyond to connect with the security operations team to track user actions blocked by each security control and factor those security events into individuals' risk scores. (There are tools in the market to generate user risk scores based on specific user behavior. Social media scraping tools and Proofpoint Nexus People Risk Explorer are examples.)

The key is to think outside of the box because there are more effective and meaningful ways to identify and quantify people risk than tracking the training completion rate.

Motivate employees by making security easy and personal

“It's easy for security people to forget that our colleagues have a day job that isn't security. If security is perceived as a barrier to that, it's going to b
Sent Yes
Tags Tool Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.