DEFENDING AGAINST DATA LOSS AND MITIGATING INSIDER THREATS
Group Manager, Product Marketing, Proofpoint
Defending against this highly prevalent threat requires a human-centric approach to information protection. By gaining insight into risky user behavior, we can break the attack chain and protect our sensitive data from compromised and malicious users.
We recently explored growing concerns around insider threats as part of our Break the Attack Chain webinar series. Here are 6 key takeaways:
Email is still the simplest and most effective way for threat actors to penetrate our defenses. While we may have classified threats slightly differently in the past, this has essentially remained the case for over a decade.
The threat has evolved in many ways since then, with MOs shifting from URL exploit kits and malicious attachments to Business Email Compromise (BEC) and novel techniques like MFA bypass and TOAD attacks.
Today, we are seeing more weaponization of legitimate services like OneNote and SharePoint to increase engagement with malicious email. Email attacks can result in cloud account takeover. For example, a Microsoft 365 credential compromise exposes sensitive data in OneDrive and SharePoint, which can lead to data theft and manipulation. Account takeover also opens the door to internal phishing and further data security risk.
But while the tactics may have changed, the depressing reality is we’re still fighting the same fight more than ten years on.
When we scratch the surface of email attacks, we see that identity remains the primary focus in many cases. But once again, the techniques and tactics have evolved from more simplistic credential harvesting to MFA bypass attacks in recent years.
It’s not surprising that user credentials are the target here. Once a threat actor has successfully compromised an account, their ability to cause harm is significantly increased. Cybercriminals will move within networks for some time, escalating privileges and locating sensitive data before executing their payoff.
Ransomware has evolved similarly, too. Where once it was a one-off drop via an attachment, today’s attacks are multistage. In many cases, ransomware is the starting point for data extortion and other devastating follow-up attacks. Ransomware today not only encrypts data but also exfiltrates it for further extortion.
The scattergun approach to email attacks is much less common than it once was. Cybercriminals know that privileged identities are the keys to the kingdom and focus their attacks accordingly. Unfortunately, they have a lot of potential targets.
Around 13% of endpoints have exposed privileged credentials and one in six endpoints and servers have exploitable identity risk. To make matters worse, 100% of organizations are exposed to service account and shadow admin risk.
To successfully penetrate defenses, all threat actors need to do is compromise one of these accounts. From here, they can move laterally through networks and systems, escalating privileges, identifying sensitive data and dropping malicious payloads.
Data can do incredible things. But it can’t walk out of your organization on its own. More often than not, your people usher it out of the door.
Over 70% of data breaches involve a human element. In most cases – 56% – the driving factor is carelessness. This could be someone clicking on a malicious link or downloading an attachment, reusing passwords, or taking security shortcuts.
Malicious users are behind around a quarter of insider-led incidents. Malicious insiders are motivated by self-gain or revenge. Departing employees take data, feeling entitled to what they worked on, whilst employees on a performance plan may want to sabotage the company.
Finally, around 18% of insider threats are driven by compromised accounts. These are often people whose credentials have been exposed unknowingly.
Visibility is key to defending against cyber threats. The more you know about your data and the people who can access it, the better placed you are to spot suspicious activity and break the attack chain.
There are many tools that can offer some insight into network and user activity. However, Proofpoint Information Protection is the only platform that merges content classification, data loss prevention, threat telemetry and user behavior monitoring and analytics across channels in a unified, cloud-native interface.
Essentially, Information Protection does several things incredibly well. It detects and blocks data exploitation attempts and helps to gain insight into risky behavior that can lead to abuse of systems and data loss. By incorporating threat intelligence, it can also link email and cloud threats to data loss.
Proofpoint Information Protection is just one of several tools designed to protect your people and your data along the attack chain – from initial compromise to staging and impact. Security teams must align the right controls with the right people at the right time to build an effective, multilayered defense.
This starts as early as reconnaissance. Proofpoint People Protection is designed for this stage of the attack chain and is the only AI/ML-powered threat protection platform that disarms today's advanced attacks, including BEC, phishing, ransomware and supply chain threats.
Identity Protection is required further along the chain to cut off common attack paths, prevent privilege escalation and detect and respond to lateral movement.
This platform can also discover and remediate real-time vulnerabilities, even when attackers are in action within your environments.
As always, comprehensive user education must underpin your arsenal of security tools.
Learn more in our webinar – Defend against data loss and insider threats
Zero-day attacks and unpatched vulnerabilities make a lot of headlines. But the results of our inaugural 2024 Data Loss Landscape report show that people are the root cause of most data loss incidents.