ProHoster > Very Attacked Person: find out who is the main target of cybercriminals in your company

Very Attacked Person: find out who is the main target of cybercriminals in your company

Today is a professional holiday for many Khabrovites - the day of protection of personal data. And so we would like to share an interesting study. Proofpoint prepared a study on attacks, vulnerabilities and personal data protection in 2019. His analysis and analysis is under the cut. Congratulations, ladies and gentlemen!

Very Attacked Person: find out who is the main target of cybercriminals in your company

The most intriguing thing about the Proofpoint study is the new term VAP. As the intro says: “In your company, not everyone is a VIP, but everyone can become a VAP.” VAP stands for Very Attacked Person and is a registered trademark of Proofpoint.

Recently, it has been assumed that if personalized attacks occur in companies, they are directed primarily against top managers and other VIPs. But Proofpoint argues that this is no longer the case, because the value of a single person for attackers can be unique and completely unexpected. Therefore, experts studied which industries were most attacked last year, where the role of VAPs was the most unexpected, and which attacks were used for this.

Vulnerabilities

The most susceptible to attacks were the education sector, as well as public catering (F&B), where representatives of franchises mainly suffered - small businesses associated with a “big” company, but with a much lower level of competence and information security. Malicious attacks constantly occurred on their cloud resources, and 7 out of 10 incidents ended in compromise of confidential data. Penetration into the cloud environment occurred through the hacking of individual accounts. And even in areas such as finance and healthcare, which have various regulations and security requirements, they lost data in 20% (for finance) and 40% (for healthcare) of attacks.

Very Attacked Person: find out who is the main target of cybercriminals in your company

Attacks

The attack vector is selected specifically for each organization or even a specific user. However, the researchers were able to identify interesting patterns.

For example, a significant number of compromised email addresses turned out to be public mailboxes - about ⅕ of the total number of phishing accounts used to spread malware.

As for the industries themselves, business services take the first place in terms of the intensity of attacks, however, the overall level of “pressure” from hackers remains high for all – the minimum number of attacks occurs on government structures, but even among them, malicious impacts and attempts to compromise data were observed by 70 % of study participants.

Very Attacked Person: find out who is the main target of cybercriminals in your company

Privilege

Today, when choosing an attack vector, attackers carefully choose its role in the company. The study found that lower-level managers accounted for an average of 8% more email attacks, including viruses and phishing. At the same time, attacks target contractors and managers much less often.

The development (R&D), marketing and PR departments were the most susceptible to attacks on cloud accounts - they receive 9% more malicious emails than the average company. In second place are internal service and support services, which, despite a high threat index, nevertheless experience 20% fewer attacks in number. Experts explain this by the difficulty of organizing targeted attacks on these units. But HR and accounting are attacked much less frequently.

Very Attacked Person: find out who is the main target of cybercriminals in your company

If we talk about specific positions, then the employees of sales departments and managers of various levels are most susceptible to attacks today. On the one hand, they are obliged to answer even the strangest letters on duty. On the other hand, they constantly communicate with financiers, logistics staff and external contractors. Therefore, a hacked sales manager account allows you to get a lot of interesting information from the organization, and with a high chance of monetizing it.

Methods of protection

Very Attacked Person: find out who is the main target of cybercriminals in your company

Proofpoint experts have identified 7 recommendations that are relevant to the current situation. For companies that are concerned about their security, they advise:

  • Implementation of people-centred protections. This is much more useful than systems that analyze network traffic by host. If the security service clearly sees who is being attacked, how often he receives the same malicious emails, what resources he has access to, then it will be much easier for its employees to build the appropriate defense.
  • Training users to work with malicious emails. Ideally, they should be able to recognize phishing messages and report them to the security service. It is best to do this using letters that are as similar to real ones as possible.
  • Implementation of account protection tools. You should always keep in mind what will happen when the next account is hacked or when the manager clicks on a malicious link. For protection in these cases, you need specialized software.
  • Installation of email protection systems with scanning of incoming and outgoing emails. Conventional filters no longer cope with sophisticated phishing emails. Therefore, it is best to use AI to detect threats, and also scan outgoing emails to prevent attackers from using hacked accounts.
  • Isolation of dangerous web resources. This is very useful for shared mailboxes that cannot be secured with multi-factor authentication. In such cases, it is best to block any suspicious links.
  • Protecting social media accounts as a method of maintaining a brand's reputation becomes essential. Today, channels and social media accounts associated with companies are also being hacked, and special solutions are also needed for their security.
  • Solutions from smart solution providers. Given the range of threats, the growing use of AI in the development of phishing attacks, and the variety of tools, truly intelligent solutions are needed to detect and prevent hacking.

Acronis approach to personal data protection

Alas, to protect confidential data, one antivirus and spam filter is no longer enough. And that is why one of the most innovative directions of Acronis development is our Cyber ​​Protection Operations Center in Singapore, where we analyze the dynamics of existing threats and track new malicious activities in the global network.

Very Attacked Person: find out who is the main target of cybercriminals in your company

The concept of Cyber ​​Protection, which lies at the intersection of cyber security and data protection methods, implies support for five cyber security vectors, including security, availability, privacy, authenticity and data protection (SAPAS). Proofpoint's findings confirm that today's environment requires greater data protection, and therefore today there is a demand not only for data backup (which helps protect valuable information from destruction), but also for authentication and access control tools. For example, Acronis solutions use an electronic notary based on blockchain technologies for this.

Today, Acronis services run on Acronis Cyber ​​Infrastructure, Acronis Cyber ​​Cloud, and use the Acronis Cyber ​​Platform API. Thanks to this, the ability to protect data according to the SAPAS methodology is available not only to users of Acronis products, but to the entire ecosystem of partners.

Only registered users can participate in the survey. Sign in, you are welcome.

Have you encountered targeted attacks on “unexpected” users on the network who are “not a VIP at all”?

  • 42,9%Yes9

  • 33,3%No7

  • 23,8%We have not analyzed this

Voted by 21 users. 3 users abstained.

Source: habr.com

Add a comment