One Article Review

The article:
Source ProofPoint
Identifier 8544107
Publication date 2024-07-25 06:04:58 (seen: 2024-07-25 13:08:05)
Title 3 Tips to Build an Effective Security Awareness Program for Your Employees
Text There are three cybersecurity truths that have stood the test of time (so far).

Most breaches involve the human element. The latest Data Breach Investigations Report (DBIR) from Verizon notes that more than three-quarters (76%) of all breaches involve a human element.

Phishing is one of the most common tactics for gaining initial access to a business. The DBIR says phishing was the second-most used tactic in 2023, right after stolen credentials. (Notably, credentials are often lost in phishing attacks first.)

People are willing to take risks. That's why they often fall victim to attacks, because they take risky actions, like clicking on links and opening attachments from people they don't know. Research for our 2024 State of the Phish report shows that 68% of people do this.

Given these truths, a human-centric security strategy is critical to protecting an organization. And mitigating human risk should be an important foundational pillar.

This approach to cybersecurity recognizes that while technological solutions are essential, they are not sufficient on their own. Human behavior must be addressed directly. If you build an awareness program that is guided by threat intelligence and gives users the tools to respond to phishing attacks, you can attain quantifiable results.

In this blog, we'll discuss three tips that you can use right now to build your security awareness training program in a way that empowers your employees to change their behavior.

Tip 1: Prioritize high-risk user groups

Human-centric cybersecurity starts with having visibility into who presents the greatest risk to your business. Often, the actions of a very small percentage of employees are the root cause of most security incidents. When you understand who presents the most risk, you can maximize your program's impact by improving the resilience of these individuals.

For our 2024 State of the Phish report, we asked information security professionals who they believe represent the greatest risk to their organizations. The top group was the users who had access to critical data (privileged users).

[Figure: A chart that shows users who represent risk within companies. (Source: 2024 State of the Phish report from Proofpoint.)]

Privilege risk is one key factor in quantifying total human risk. It considers the amount of damage that could result from a successful attack. However, you must also consider:

Attack risk, which demonstrates that the more a person has been attacked in the recent past, the higher the probability that they will be attacked in the near future.

Vulnerability risk, which evaluates the probability that an attack would be successful if a person is attacked. For this risk factor, it is important to track both real and simulated user behaviors, such as actual URL clicks within live email and performance against security awareness knowledge assessments and phishing simulations.

Proofpoint makes it easy to quantify human risk and identify who represents the greatest risk to your business. Instead of manually tracking human risk across the three key risk factors of privilege, attack and vulnerability, our customers can use Proofpoint Nexus People Risk Explorer (NPRE).

With NPRE, each person receives a user risk score based on their behavior and identity information. Users are automatically grouped based on their scores. With user risk insights from NPRE, you can easily prioritize which groups need the most attention and decide how to best deliver your training to maximize its impact.

[Figure: A view of the dashboard for Nexus People Risk Explorer.]

Tip 2: Keep your program agile

The threat landscape impacts every business differently. Comparing a financial services company to a manufacturing company may show that the former is targeted more often with ransomware than with supply chain-based BEC attacks.

It is important to keep your program agile so that you can easily adjust
Notes ★★★
Sent Yes
Tags Ransomware Data Breach Tool Vulnerability Threat Cloud


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.