One Article Review

Home - The article:
Source ProofPoint
Identifier 8525315
Publication date 2024-06-25 06:00:45 (seen: 2024-06-25 13:07:01)
Title Misdirected Email: A Common and Costly Issue That's Easy to Fix
Text Sensitive data loss has long been an issue for organizations of all sizes, leaving them exposed to compliance and reputation risks. From phishing and ransomware to advanced threats, there is a long and growing list of ways that sensitive information can find itself outside your defenses.

That said, it never really “finds itself” there. It ends up there incidentally, or intentionally, and usually by employees. So much so that two-thirds of chief information security officers (CISOs) surveyed for our 2024 State of the Phish report said their business has experienced data loss due to an insider.

Once again, there are many ways this can happen. Even today's most security-oblivious users likely understand that weak passwords and errant clicks or downloads pose a risk. However, another prevalent factor behind data loss does not garner the same level of focus.

It may surprise many to learn that misdirected emails (legitimate messages sent to incorrect recipients) are the number one General Data Protection Regulation (GDPR)-related cyber incident reported to the U.K.'s Information Commissioner's Office (ICO).

Misdirected email happens all the time, and it's difficult to stop with traditional tools. These errors are not usually flagged by standard rule-based data loss prevention (DLP) products. That leaves users solely responsible for ensuring that their emails are always sent to the intended recipients. Unfortunately, this human line of defense is not fully equipped for the task.

Why doesn't traditional DLP solve misdelivery?

Traditional rule-based DLP tools do what they do very well. Such tools remain a critical part of any effective cyber defense when it comes to protecting sensitive data. However, they have a major shortcoming in that they only check messaging against predefined risks.

Traditional DLP can identify whether:
- Recipients are on deny lists
- The content contains Social Security numbers or patient identifiers (RegEx patterns)
- Attached documents have classification tags; for example, if an admin has tagged a document as “sensitive”

Assuming your email passes these checks, it is deemed safe to send.

A misdirected email to a legitimate (albeit incorrect) recipient would not raise any red flags. A rule-based system would determine that this type of email is good to go. But based on Verizon's Data Breach Investigations Report (DBIR) data, which shows that email misdelivery is prevalent across all industries, we know that it's not.

An adaptive, artificial intelligence (AI)-powered DLP solution goes much further. It doesn't just look for common predefined risks. Rather, it analyzes all aspects of an email for anything that looks anomalous.

So, on top of checking for common red flags, it can detect abnormal groupings of recipients and flag sensitive words, phrases or content that are not ordinarily shared with the intended recipients, whether in the body of the message or in any attachments. The solution will then determine whether an email is safe to send.

[Figure: Overview showing how Tessian automatically detects what rule-based DLP misses.]

Should it detect a potential mistake or sensitive data loss incident, Proofpoint Adaptive Email DLP will intervene to question the accuracy of the recipient, offer a brief explanation of the potential issue and ask whether the sender wishes to proceed or cancel.

[Figure: Error message: Is this the correct recipient message?]

Put simply, traditional DLP cannot stop incidents like these because they can't be predefined. But Adaptive Email DLP can avert potential disasters in real time with simple, on-screen prompts for users so that they can correct any mistakes.

With a complete timeline of each incident (what was being sent, who it was being sent to and why it was stopped), security teams get actionable insight into common mistakes and intentional attempts to misdirect company data to personal or
Rating ★★★
Sent Yes
Tags Ransomware Data Breach Tool


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.