Insight by Proofpoint

Cloud Exchange 2022: How to take a human-centered approach to cybersecurity

Zero trust improves security around vetting users, but it does nothing to address user-created challenges like falling prey to phishing attacks. Training isn’...

This content is provided by Proofpoint.

Federal agencies have been extremely focused on moving to zero trust to protect data and systems, but that’s only a piece of the puzzle.

Why? Because the vast majority of cyberattacks are not directed at the systems themselves but at the people who access them, said Hanna Wong, director of public sector at Proofpoint.

Phishing still reigns as the No. 1 attack vector used by bad actors.

“They’re going after your employees, your contractors, your users. You need to defend your people to improve your cybersecurity posture. But not every person is the same, and not every person is being attacked at the same level,” Wong said.

For instance, human resources recruiters are constantly clicking external links and attachments, making them vulnerable users. “It doesn’t mean that they’re not vigilant,” she said. “It just means that the way that they use their email or the way that they interact within the network is a vulnerable way.”

Despite the reality that attacks might therefore come from unlikely users and areas, the typical response to address phishing is almost always training, and training tends to be applied equally across the board to all employees, with the exception of those who handle sensitive or classified data. But what about users who fail that training? Is the answer more training? After all, much of phishing training is about building recognition of common signs of phishing attempts.

“What we see in government is that these are folks who were not born with the internet. It takes a little more exposure to identify the more nuanced phishing attacks now. They are getting much better. There’s less spelling errors. The emails are starting to fall in line,” Wong said. “And even those who have been using the internet, were born with email, they’re going to start to fall for these.”

Building on zero trust

The first pillar of zero trust, multifactor authentication, can help to reduce such threats, but agencies need to prioritize user experience in their rollouts, Wong advised.

Past cybersecurity solutions often were built into the backend of the system or were rolled out without much thought to how users would respond. And unfailingly, people respond by taking the easiest path to compliance, she said. For example, as requirements for password complexity increased, many people simply began adding a number to the end of their passwords. If required to change their passwords, they’d increase that number by one. Making secure solutions harder to adopt will eventually result in a weakened posture.

Minimal disruption is the goal. The more security gets in the way of users doing their jobs, the more frustrated they’ll get, and the more lax they are likely to be.

That’s where solutions like Proofpoint’s Advanced Business Email Compromise (BEC) come in, Wong said.

“We can identify these phishing attempts and prevent them from hitting users’ inboxes to begin with. But the very important part of that is that you have to make sure the phishing attempts don’t hit users’ inbox without creating disruption to day-to-day, mission critical business,” she said.

Proofpoint accomplishes that by leveraging machine learning, inbound and outbound gateway telemetry, supply chain analytics, and API data from cloud productivity platforms. Its Advanced BEC analyzes email components such as header data, sender’s IP address, relationship between sender and recipient, and the message body itself for common phishing red flags and tactics.

Learning from monitoring billions of emails

Proofpoint monitors more than 2 billion messages a day, across hundreds of millions of domains, and more than 16 million cloud accounts. Its machine learning algorithms are constantly improving, Wong said, adding that its already high success rate and low false positive rate are constantly improving as well.

Additionally, Proofpoint Essentials can analyze emails for malicious URLs. It monitors emails in real time and compares URLs against lists of known malicious links and emerging campaigns. It also checks for suspicious behavior like obfuscated scripts, malicious code snippets and redirects. Wong noted that it continues to do so after a user clicks a link. That matters, she said, because hackers often include initially harmless links that turn malicious after a certain amount of time.

Both solutions walk that tightrope: securing users without inhibiting their ability to focus on the mission, and stopping malicious contacts without inhibiting true communication, she said.

“Minimal disruption is what’s really important,” Wong said. “If security is constantly interrupting the ability to get your job done in a day, then that’s going to cause frustration that’s going to cause an uproar, so to speak, about the fact that it’s causing more issues than it’s securing.”

Check out more from the Federal News Network Cloud Exchange 2022.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
