One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8409069 |
| Date de publication | 2023-11-10 07:55:46 (vue: 2023-11-10 12:07:23) |
| Titre | New Gartner & Reg;Rapport BEC: les recommandations sont entièrement prises en charge par Proofpoint New Gartner® BEC Report: Recommendations Are Fully Supported by Proofpoint |
| Texte | Business email compromise (BEC) is costly. The latest Internet Crime Report from the FBI\'s Internet Crime Complaint Center notes that businesses lost more than $2.7 billion due to these scams in 2022. Another staggering statistic that is less reported: BEC losses were almost 80 times that of ransomware last year. The rate of BEC attacks and the average loss per incident are likely to keep climbing, which makes BEC an ongoing concern for businesses. A recent report by Gartner, How to Protect Organizations Against Business Email Compromise Phishing, offers companies several recommendations to help them reduce the risk of these attacks and minimize potential losses. Below, we share five top takeaways and key findings from this 2023 report. We also explain how Proofpoint can help protect your business against BEC attacks by linking what we do to Gartner\'s recommendations. 1. To combat BEC, businesses need to invest in email security rather than relying on endpoint protection Not all BEC scams contain a malicious payload like malware or malicious links. That\'s why endpoint protection and endpoint detection and response platforms are not effective defenses for these types of attacks. Gartner recommends: If you\'re a security and risk management leader who is responsible for infrastructure security, you can maximize your protection against BEC by seeking out and implementing artificial intelligence (AI)-based secure email gateway solutions. Look for solutions that offer: Advanced BEC phishing protection Behavioral analysis Impostor detection Internal email protection Proofpoint protects: Proofpoint believes that Gartner report\'s recommendation stems from the understanding that stopping BEC attacks before they reach a recipient\'s inbox is the best method to minimize risks. This strategy is at the heart of the Proofpoint Aegis threat protection platform. Proofpoint has used machine learning (ML) for more than two decades to detect email threats. We create the highest levels of BEC detection efficacy through our combination of AI/ML-driven behavioral analysis and rich threat intelligence. 2. Supplement email security with additional controls to reduce the risk of ATO Account takeover fraud (ATO) is often a feature in BEC attacks. It occurs when an adversary gains control of a legitimate account. To reduce the risk of ATO, businesses need to be able to recognize whether an email is from a genuine sender. Gartner recommends: Businesses should supplement their existing email security solutions with additional controls to further reduce the risk of BEC attacks like ATO and domain abuse. Proofpoint protects: To protect against account takeover, you need to identify accounts that might be compromised and automate remediation. If you rely solely on behavioral analytics to detect these accounts, you could end up with a high volume of false alerts. Proofpoint combines behavioral analysis with our rich threat intelligence to detect both compromised employee accounts and compromised third-party accounts. How Proofpoint helps when ATO occurs If an internal account has been compromised, a password reset isn\'t enough. Attackers in your environment can still manipulate third-party apps and gain persistent access to the account to wage attacks at will. Proofpoint TAP Account Takeover (TAP ATO) provides insights into what types of threats are targeting your users\' email accounts. And it provides you with the tools you need to take corrective action to protect a compromised account. TAP ATO correlates threat intelligence with artificial intelligence, ML and behavioral analytics to find malicious events across the email attack chain. It helps you see who is being attacked and how, and it provides automated remediation. How Proofpoint helps when supplier accounts are compromised Proofpoint Supplier Threat Protection gives you insight into which third-party and supplier accounts may be compromised. We combine AI/ML-driven behavioral analysis with threat in |
| Envoyé | Oui |
| Condensat | 2022 2023 2023 able about abuse abuse access account accounts across action additional advanced advantage adversary aegis affiliates against ai/ml alert alerts align all allow almost also analysis analysis analytics analyzes and/or another apps are around artificial ato ato attack attacked attackers attacks august authenticate authenticated authentication auto automate automated automates automatically automation average awareness based bec bec been before behavior behavioral being believes below best billion both breaches break bridge business businesses button can center chain change class click clickers climbing combat combination combine combined combines companies company complaint comprehensive comprise compromise compromised compromised concern conducting consider consultants contact contain contextual control controls convincing corrective correlates costly could create crime critical customize data decades decisions defend defenses defense is deploy details detect detection detection different directly diversion dkim dmarc doing domain domains domains done driven due early ease easy ecosystem educate effective efficacy email emails employ employee empower enables end endpoint engineering enough environment errors even events existing expertise explain exploit exploits fact fake false faster fatigue fbi feature feedback financial find findings five focused forwarded found franz fraud from full fully funds further gain gains gaps gartner gartner® gateway gather genuine gives great has have heart help helping helps here herein high highest hinner hoc hosted how human humans identify identity immature impersonation implementing impostor inbox inc incident incidents include increase industry inform informed infrastructure insight insights insight instructions intelligence internal internationally internet intervals invest investigate investigation invoices involve isn its job journey just keep key knowledge last latest latest internet leader leading learning legitimate less levels like likely linking links look lookalike loss losses lost machine mail make makes malicious malware management manipulate mark matter maximize may measures message messages method might migrate minimize mistakes monitor more most msoar msoar need new not notes notifies notify now nudges occurs occurs offer: offers often once one ongoing orchestration organizations other out overall partners party password patnaik payload payment payroll per permission persistent phish phishalarm phishing platform platforms plays positive posture potential practices prevent preventive proactive process processes professional program proofpoint protect protection protection protects: provide provides providing pull quarantine quarantined question ransomware rate rather reach ready real receive received receive recent recipient recognize recommendation recommendations recommends: reduce registered regular reinforce related rely relying remediated remediation remove report report: reported reported: reporting report from requests reserved reset respond response responsible results rich right rights risk risks role run said satarupa scams secure security see seeking send sender sending sensitive sent service services several share should social solely solution solutions spf spot staggering statistic stems steps stopping strategy strengthen such supplement supplier suppliers supported suspected suspicious system systems tactics tags take takeaways takeover tap targeted targeting tasks than that that: them these they thinks third those threat threats through throughout times to: too tools top trademark training trains transactions transfer trending triage triaging two types understanding unsure unwanted update use used user users using volume wage warning warnings well what when where whether which who why will wiring world year you your |
| Tags | Ransomware Malware Tool Threat |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.