One Article Review

Source ProofPoint
Identifier 8425108
Publication date 2023-12-18 06:00:21 (seen: 2023-12-19 01:07:39)
Title An Integrated Risk Approach to Breaking the Legal and Compliance Attack Chain: Insights from Proofpoint Protect 2023
Text Last September, Proofpoint held our first in-person event since the pandemic in New York City, Protect 2023. In this blog post, our Chief Compliance Officer in Residence John Pepe shares some key insights from the leaders who participated in the Compliance Leader's Roundtable at that conference. A big part of that discussion was exploring how combining data points from multiple tools can help stop known risk patterns before problems escalate.

“Break the Attack Chain” is a Proofpoint initiative that outlines our approach to prevent and disrupt cyberattacks that target people and their data. The attack chain can basically be broken down into eight steps and three main stages:

- Initial compromise
- Privilege escalation
- Data exfiltration

[Figure: Steps in the attack chain.]

We believe that breaking the attack chain is so important that we made it the theme of Protect 2023. When you break the attack chain, you reduce the risks and the impact of cyberattacks. And you avoid a lot of the financial, reputational and operational damage. Proofpoint argues that this starts by taking a people-centric approach to security that focuses on the human factors that enable and motivate attackers.

But this theme isn't just relevant to cybersecurity. It's also an important concept that's relevant to compliance professionals and their current challenges. Recently at the Protect 2023 conference, we explored how the industry is using this idea to rethink the ways it approaches and mitigates risk.

What's top of mind for compliance professionals right now?

Part of my job at Proofpoint is to provide our customers, some of whom are highly regulated, with executive briefings on compliance and regulatory best practices. I also have a lot of critical discussions with the legal and regulatory communities. So I understand why the concept of breaking the attack chain transcends cybersecurity and really resonates with these groups. That's why I chose to explore it at Protect 2023 at the Compliance Leader's Roundtable.

This panel was comprised of a chief compliance officer from a leading financial services provider, the head of surveillance for an asset manager, and a chief information security officer. And our topic was “What's Top of Mind for Compliance Professionals Post COVID-19.”

The discussion was informal and focused on work-from-home (WFH) initiatives during and after the pandemic. Two interconnected areas were of particular interest:

- Risks and programs related to WFH, with a special focus on collaboration platforms
- How behavioral indicators may help to predict potential legal or compliance issues

When talking about insider risks and threats, the panelists explored:

- Best practices for controlling messaging apps and mitigating risks in mobile texts and chat
- How behavioral modeling and analytics can be used to enhance risk monitoring for user conduct
- How combining multiple compliance approaches can help form a holistic risk management program, which can mean integrating:
  - Threat detection
  - People analytics
  - Conduct compliance applications

As part of the conversation, I brought up the topic of employee behaviors and patterns that can lead to legal or compliance issues. The example scenario I offered was of a disgruntled employee who had received an underwhelming bonus or was passed up for a promotion. To get back at the company, this person stole sensitive company data and intellectual property (IP) before they left their job. The panel discussed behaviors or telemetry that might be present in such a scenario. And they talked about whether any data about user conduct might help detect and prevent potential losses.

An integrated approach to breaking the attack chain

What follows are some of the ways that our panelists use tools to mitigate risks. And how Proofpoint can help.

Combining internal and external data

One of the most crucial aspects of a surveillance analyst's job, especially in financial services, is monitoring employee risk. The roundtable emp
Notes ★★★
Sent Yes
Tags Tool Threat Mobile Prediction Conference
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.