Humans have become the weakest link in the cybersecurity chain. So, federal agencies must adopt human-centric cybersecurity strategies to successfully anticipate the growing number of threats that now focus on the end user, according to research from Proofpoint.
In a new white paper, Proofpoint Resident CISO Bruce Brody highlights new research that shows that more than 99% of cyberattacks are human-activated, meaning “they need a human being to activate the attack by opening a file, clicking a link or being tricked into taking some other type of action.”
And on top of that, its people attacking people, Brody writes in the white paper, titled “People-Centric Cybersecurity from a Federal Perspective.”
“Unlike past years, the threat landscape is showing fewer high-volume, fully automated attack campaigns, like the Nigerian letter scam or bots and Trojans,” says the white paper, created by Proofpoint Threat Research. “In other words, attackers are not just botnets sending massive spray and prey campaigns at scale or using ransomware to automatically encrypt data in order to hold it hostage. Modern threat campaigns are lower volume, highly targeted and focused on humans.”
Federal CISOs, in turn, must now focus on more targeted, human-driven attacks, particularly through email compromise, the research says. The white paper cites an FBI statistic of “more than $26 billion in losses and more than 166,000 incidents worldwide in 2019 as a result of business email compromise (BEC) and email account compromise (EAC).”
Typically, an attack comes from one of four sources: cyber criminals, state-sponsored actors, hacktivists or insider threats. And often, they use tactics such as credential phishing, password spraying or credential-stealing malware.
Attackers want more than credentials, however. “The real goal is to take over accounts in order to establish persistence and move laterally,” Brody’s white paper says. “This establishes a foothold for cyber criminals and allows them to search for important data and exfiltrate it.”
Agencies should consider moving on from a network-centric focus on cybersecurity, Brody says, as sophisticated attackers no longer view the world in terms of a network diagram. “Attackers nowadays can easily mine LinkedIn or Google to gather intelligence and launch a targeted threat campaign against any federal enterprise.”
Proofpoint is dedicated to helping federal enterprises gain insight and visibility into their people, the data they have access to and their patterns of behavior. The company calls these Very Attacked People, or VAPs — often “someone on an important secretive project, someone who has the privileged access to transfer money or someone who monitors the emails and manages the calendars of senior leadership.”
Through its Proofpoint Attack Index, the company identifies highly targeted people and surfaces them out of the noise of typical threat activity, which in turn shrinks the attack surface, Brody says.
“This people-centric approach to security is essential to managing risk in today’s federal computing enterprise,” Brody writes. “Once an agency understands who is being targeted, the agency can apply mitigating controls to insulate those people.”
Read more about improving cybersecurity using a people-centric approach.
This article was produced by FedScoop for, and sponsored by, Proofpoint.