One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8547298 |
| Date de publication | 2024-08-02 06:00:00 (vue: 2024-07-30 14:18:56) |
| Titre | Utilisez l'apprentissage ciblé pour réduire exponentiellement vos risques de cybersécurité Use Targeted Learning to Exponentially Reduce Your Cybersecurity Risks |
| Texte | The days of a one-size fits all security awareness program are over. The State of the Phish report from Proofpoint notes that over 98% of businesses have a security awareness program. Yet a staggering 68% of users say they take risky actions despite knowing the risks. These statistics underscore the frustrations that we hear from prospective clients every day. They tell us that while they run a continuous educational program, they struggle to achieve the desired behavior improvements among their users. Some of the key challenges they face are: Not knowing who represents the greatest risk to the organization Not knowing what policies, threats and vulnerabilities to educate users about at any given moment Not being able to keep a program agile without exhausting resources, constantly updating user groups or continually tailoring curriculums These issues highlight the critical need to go beyond traditional security awareness and think holistically to build a human risk management program. A good place to start is focusing on highly targeted user groups. It\'s these users who are often the ones responsible for most of the security issues within a business. When you can tailor education to the specific needs of these users, you can mitigate individual vulnerabilities. You can also fortify your entire defense against potential attacks. A new workflow from Proofpoint focuses on these users to produce exponentially positive results in helping you reduce overall risk. In this blog, we\'ll explore why focusing on human risk management is so important. And we\'ll explain how Proofpoint can help you do just that. What is human risk management? Human risk management builds on existing security best practices to automate cyberattack prevention and response. What makes it different is that it places people at the center. Fundamental to a human risk management solution is an ability to ingest user event and identity activity across multiple security tools within a given environment. The solution will track: Attack risk. The likelihood a user will be attacked Vulnerability risk. The likelihood that the attack may be successful Privilege risk. The damage that a successful attack may cause the organization Then it quantifies an overall risk score for each individual. With this insight, companies and their security teams can: Gain visibility into which individuals or groups are prime targets and prioritize strategies to best protect them Intervene with technical controls to immediately prevent a risky action or provide contextual nudges that advise users about their risks and how to avoid them Automatically enroll risky users into tailored education curriculums, which empowers them to protect themselves and the company against future cyberattacks Easily track improvements in user behaviors and foster a positive security culture These are the issues that the new Adaptive Threat and User-Risk Response Workflow within Proofpoint Security Awareness is designed to address. In short, this new workflow lets you take advantage of everything that is great about Proofpoint. Our Adaptive Threat and User-Risk Response Workflow The new workflow integrates three core capabilities. It enables you to: Dynamically create and manage user groups based on the user risk profiles and groups derived from Proofpoint Nexus People Risk Explorer (NPRE) and Proofpoint Targeted Attack Protection (TAP) using Adaptive Groups Create a threat-driven educational curriculum based on the defined Threat Families tracked by our own Threat Research and reported via TAP Build an Adaptive Assignment to auto-enroll new users into the curriculum whenever a new user qualifies for the previously created Adaptive Group This adaptive learning approach prioritizes education for highly targeted groups. It helps to drive maximum user engagement, too, by enabling administrators to tailor |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | ability able about account achieve across action actions activities activity actor adaptive address administrators admins advancement advantage advise against agile ahead alerts align all allocate allows also among analyzing any anyone app approach approach are are: assess assesses assessments assets assignment associated attack attack attacked attacked attacks attributes authentication auto automate automatically available avoid awareness based becomes been behavior behavior behaviors being benefits best beyond blog break build building builds business businesses but button can can: capabilities cause center challenges changer characteristics click clicker” clients cloud comes common companies company competency competent comprehensive compromised conditions configuration connects considers constantly contact content contextual continually continuous contribute control controls core could create created critical culture curriculum curriculums curriculums customer cyberattack cyberattacks cybersecurity damage data day days dedicated defense defined deliver department/group/individual derived designed desired despite detailed different directly directory discover distribution diversity does drive driven dynamically each easily educate education educational effectively emails empowered empowers enables enabling enforce engagement enroll enrolled enrollment entire entitlements environment evaluate event every everything example exhausting existing explain explore explorer exponentially face factors families family family” fight filter firewall first fits focus focuses focusing following fortify foster fraud fraud” from frustrations fundamental future gain game get given gives giving good granular great greatest greatly group group group: groups groups handling has have hear heart help helping helps here high highest highlight highly holistically how human identifying identities identity ignore immediately imminent important improvements include includes inconsistencies index individual individuals inflict information ingest insider insight insights integrate integrates integration intervene issues jewel” just keep key knowing knowledgeable learn learning lets library like like domain likelihood likely limited list location makes manage management maximize maximum may means member members message metric metrics mindset mitigate model modules moment more most multiple need needs new nexus not notes npre nudges often one ones opportunity option organization organization over overall overview own participation party paths people people™ performance phish phishing place places plus policies positive potential practices prebuilt prevent prevention previously prime prioritize prioritizes privilege privilege privileged proactive probability produce profile profiles program promote proofpoint prospective protect protection provide qualifies quantifiable quantifies quantifying quickly rather receive reduce reduction relevant report reported represent represents requests research resources response responsible results risk risk risk risks risky risk” run say score scores search security shadow short significant size solution solutions some sophistication specific spread staggering start state statistics stay strategies struggle successful successful such susceptible suspicious tailor tailored tailoring take tap tap target targeted targeting targeting targets teams technical tell tests than them them themselves then these they think third those threat threats three through tier to: today too tools top toward track track: tracked tracks traditional training trojans type types underscore updating url usage use used user users using very visibility volume vulnerabilities vulnerability vulnerable well what when whenever which who why will within without workflow workflow work |
| Tags | Tool Vulnerability Threat Cloud Technical |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.