Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home AI & Data

Taking a People-Centric Approach to Cybersecurity

by Kelsey Winick
November 6, 2020
in AI & Data, Civilian, Cybersecurity, Defense & IC, Uncategorized
Reading Time: 3 mins read
A A
people-centric
Share on FacebookShare on Twitter

Federal agencies are all too aware of the myriad of outside threats facing their organizations. Beyond looking at threats outside their organization, federal agencies should also be looking at insider threats and consider a people-centric approach to cyber security.

Bruce A. Brody, Resident CISO at Proofpoint Federal, shared in a recent report that “people have become the weakest link in the cybersecurity chain.” It is important for government workers to be aware that “the federal government’s information technology systems and networks have been and continue to be attractive targets for foreign intelligence services and other malicious actors in cyber space,” said Brody.

According to the report, “over 99 percent of cyber attacks are human activated, which means they need a human being to activate the attack by opening a file, clicking a link or being tricked into taking some other type of action.” To this end, it would make sense for agencies to change their focus from external attacks and focus on a people-centric approach to cybersecurity.

Watch the Webinar

Common ways that threat actors initiate insider threat attacks are through phishing and password spraying, a “brute-force attack,” and by utilizing “credential-stealing malware.” With a password spraying attack, the goal is not only to steal credentials, but also “take over accounts in order to establish persistence and move laterally. This establishes a foothold for cybercriminals and allows them to search for important data and exfiltrate it,” according to the report. A recent Federal Bureau of Investigation report cited that there were “more than $26 billion in losses and more than 166,000 incidents worldwide in 2019 as a result of business email compromise (BEC) and email account compromise (EAC).”

For Brody the importance of taking a people-centric approach is important. “If federal CISOs truly want to mitigate the risk of a breach, security attention, and resources must shift from focusing on endpoints to focusing on people.” This is purely because, “attackers consistently use email as the No. 1 threat vector to launch attacks, primarily because it works.” With this in mind agencies have a responsibility to educate workers on these types of attacks and how they mine personal information in order to create a personalized attack.

While it used to be true that phishing attacks were primarily directed against C-suite executives, there’s been a shift in who exactly is the prime target.  After examining the data Brody and the Proofpoint team coined the term: Very Attacked People™ or VAPs. These are the individuals that “have access to [data] and have the behaviors that indicate that they might fall for a modern, social-engineered attack.” Examples VAPs include: “someone on an important secretive project, someone who has the privileged access to transfer money, or someone who monitors the emails and manages the calendars of senior leadership.”

By using a people-centric approach to cybersecurity, government organizations are able to better manage risks and mitigate potential attacks. By starting with agency workers and building an information security infrastructure that is tailored to counteract the most likely threat vectors, federal agencies are able to get ahead of the threats and combat cyber attacks.

Interested in learning how to take a people-centric approach to cybersecurity? Watch the webinar here.

Tags: Cyber Attackpeople-centricphishingProofpoint

RELATED POSTS

Enhanced Network Security
Civilian

Enhanced Network Security Helps Agencies Defend Against Cyberattacks

June 8, 2021
Defending against malware
Cybersecurity

Defending Against Malware Attacks: A Strategy Guide for Agencies

June 3, 2021
Hack-for-Hire
Cybersecurity

Hack-for-Hire Group, BAHAMUT, Exposed

December 21, 2020

TRENDING NOW

  • Advana

    Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    8426 shares
    Share 3370 Tweet 2107
  • Network Slicing Enables Agencies to Create Private, Secure, and Customized Networks: A Podcast

    111 shares
    Share 44 Tweet 28
  • CISA Issues Updated Guidance to Protect Federal Agencies Against Expected Onslaught of DDoS Attacks

    24 shares
    Share 10 Tweet 6
  • For CBP and DHS, AI Reveals Meaningful Connections from Disparate Data

    19 shares
    Share 8 Tweet 5

CONNECT WITH US

Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisment Banner Ad Advertisment Banner Ad Advertisment Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Customer Experience
    • Cybersecurity
    • Digital Transformation
    • Hybrid Work
    • Public Safety
  • Contact Us