According to the company, the new innovations further enhance its threat and information protection platforms, in addition to its newly formed Identity Threat Defense business (formerly known as Illusive), to help organizations augment and safeguard their productivity investments, such as Microsoft 365, with maximum deployment flexibility.

“Proofpoint continues to deliver on innovations that empower organizations to break the attack chain,” said Ryan Kalember, executive vice president, cyber security strategy, Proofpoint in a statement. “By providing our customers a unified path to solve for risk across email, cloud, identity and data, CISOs gain unparalleled visibility into and protection against the tactics that attackers rely on most.”

Proofpoint’s Aegis Threat Protection Platform

Proofpoint Aegis Threat Protection Platform is an AI/ML-powered threat protection platform that disarms attacks, such as business email compromise (BEC), phishing, ransomware, supply chain threats. With flexible deployment options using both APIs and inline architecture, Aegis delivers AI-powered, cloud-based protection that complements native Microsoft 365 defenses, says Proofpoint.

By combining the company’s proprietary behavioral analytics and threat intelligence, Proofpoint is delivering new capabilities that provide visibility into account takeover-based attacks from both within an organization’s environment and outside suppliers.

Supplier Threat Protection

Supplier relationships are a growing attack vector: 69% of organizations experienced a supply chain attack within the past year, and CISOs rate it as one of their top concerns, according to Proofpoint research. With Proofpoint’s Supplier Threat Protection, organizations can detect compromised supplier accounts so that security teams can swiftly investigate and remediate.

This new product proactively monitors for and prioritizes known compromised third-party accounts, simplifies investigation with details on why the account is suspected compromised and which employees recently communicated with the account in question, enabling security teams to seamlessly defend against prevalent third-party attacks such as BEC and phishing.

Targeted Attack Prevention Account Takeover (TAP ATO)

Threat actors successfully override MFA in 30% of all targeted cloud and email account takeover attacks according to Proofpoint threat research. Once inside, malicious actors can hide undetected in an organization’s environment, waging sophisticated attacks at will.

Proofpoint TAP ATO, available at the end of Q2 2023, provides visibility across the entire email account takeover attack chain. It accelerates response investigation and remediates accounts, malicious mailbox rule changes, and manipulations of third-party apps and data exfiltration across email and cloud environments.

Identity Threat Defense (formerly known as Illusive)

From ransomware to APTs, 90% of attacks rely on compromised identities, says Proofpoint. The complexity of managing Active Directory (AD) has resulted in the presence of exploitable privileged identity risks in all organizations at a rate of one in six endpoints.

These identity risks include unmanaged local admins with stale passwords, misconfigured users with unnecessary privileges, cached credentials left exposed on endpoints and much more. When an attacker compromises an endpoint with these privileged identity risks, deploying malicious software and stealing data is easy. Privileged identities represent the keys to the kingdom, which attackers exploit to steal the crown jewels. Unfortunately, most organizations are unaware of this risk – until they are attacked.

Leveraging new advanced identity risk analytics and automated detection, Proofpoint has further bolstered its Identity Threat Defense platform – undefeated in more than 150 red team exercises – to provide organizations with comprehensive identity risk protection and remediation:

 Spotlight Risk Analytics

The new advanced risk analytics in the Spotlight dashboard allows users to gain an executive view of an organization’s risk trends as well as exposure across various risk categories and risk exposure levels. It also provides recommendations for possible user admin action.

Spotlight Risk Analytics simplifies decision makers’ workload while ensuring organizational leaders can make informed decisions to remediate modern and sophisticated identity risks. With availability expected late Q2 2023, decision makers will also be able to follow risk trends to track their organization’s risk posture improvements over time.

Proofpoint Spotlight Cross Domain & Trust Visibility

For organizations with complex infrastructure, including multinational, multi-business and merging organizations, identity infrastructure is often stitched together without broader visibility.

Spotlight Cross Domain & Trust Visibility provides insight to understand where AD domains across companies have too much bi-directional trust, which can result in identity risk and lateral movement by attackers. Business leaders can gain a centralized view into the broadest organizational structure’s domains and trusts to better prevent identity risk exposure in a holistic fashion.

Sigma Information Protection Platform

Since its introduction in early 2020, Proofpoint’s information protection business has grown a remarkable 107%, making the company the second largest data loss prevention (DLP) vendor globally and by revenue according to Gartner. Driven by the accelerated adoption of work-from-anywhere practices, the Proofpoint Sigma Information Protection platform is now deployed to over 5,000 customers and 46 million users worldwide, analyzing 45 billion events each month, and trusted by nearly half of the Fortune 100.

Proofpoint’s Information Protection platform merges content inspection, threat telemetry and user behavior across channels in a unified, cloud-native interface.

Privacy by Design Data Loss Prevention

As international organizations work to meet new and changing local privacy and data sovereignty requirements, Proofpoint now hosts its Sigma Information Protection platform in regions such as the European Union, Japan, and Australia in addition to the U.S.

Proofpoint is also further investing in privacy-related capabilities so that organizations can mask sensitive data in the console to limit its exposure and create custom data access policies to address privacy and compliance needs. 

Additional features are available in beta, with general availability expected in Q3 2023, enabling organizations to anonymize identifying user information so analysts can investigate without bias and with better privacy for the user.

Administrators will also be able to set up metadata for anonymization and approval workflows for de-anonymizing the metadata during investigation.

The post Proofpoint Unveils New Innovations to Combat Increasingly Common Threats appeared first on My TechDecisions.

That individual, Jack Teixeira, was an IT worker for the Air National Guard, working as a Cyber Defense Operations Journeyman, according to an affidavit that was unsealed Friday. That role, essentially a junior security system administrator tasked with supporting IT systems, included access to sensitive compartmented access and other highly classified programs.

The information disclosed in the leaked documents included details on the U.S.’s ability to deeply spy on both adversaries and allies, as well as detailed information about ground movements of troops in Ukraine.

With the help of a Discord user, the FBI was able to identify the Discord account and discover Teixeira’s identity, including his address. They easily discovered that Teixeira was employed by the U.S. military.

U.S. agencies were able to access logs of documents accessed by Teixeira and compare them with what was being posted on Discord and when. In addition, U.S. agencies that monitor searches conducted on classified networks discovered that Teixeira used his government computer to search classified intelligent reporting for the word “leak” as the story began to make headlines.

Insider Risk Management 

This is a perfect example of why organizations need to take insider threats and securing highly privileged accounts very seriously.

According to a recent Microsoft report, the average organization has about 12 insider risk events each year, with about one-third of organizations reporting an increase in their insider risk event occurrence in the past year.

Microsoft’s report, “Building a Holistic Insider Risk Management Program,” also identified IT professionals as the most associated with being at risk for abusing or leaking data. IT was far and away the most identified with 60% seeing IT as highly at risk. Second was finance and accounting at just 48%.

“This makes it all the more important to ensure that the security and IT teams investigating insider risks have strong auditing and approval controls in place, to make sure that their actions are in the best interest of the organization,” the company said in the report.

Another recent report from insider risk management provider Code42 finds that companies with an insider risk management program in place saw a 32% increase in data loss incidents, and 71% expect data loss from insider events to increase over the next 12 months.

The report, the culmination of a survey of chief information security officers (CISOs), found that 82% of CISOs say data loss from insiders is a problem for their organization.

Insider events have devastating effects on organizations, with 79% of cybersecurity executives saying they could lose their job from an unaddressed insider breach. In addition, security leaders said insider risk was the most difficult type of threat to detect, according to the report.

In this case, it’s more than just jobs and a company’s reputation at stake–it could be someone’s life.

The post The Alleged U.S. Military Document Leaker Worked in IT appeared first on My TechDecisions.

IT and security professionals are most often tasked with managing data and investigating data breaches, but they are also the most associated with being at risk, according to a new Microsoft report on insider risk.

To help organizations navigate that threat of insider risk, Microsoft has published its first report specifically to address those challenges that lays out several new insights about how organizations can switch from a fragmented approach to insider risk management to a holistic one.

The guide, “Building a Holistic Insider Risk Management program,” addresses potential risks from multiple areas as part of a greater data protection strategy. Microsoft’s Corporate Vice President and Chief Information Security Officer Bret Arsenault says the company itself transitioned from a fragmented approach to a more holistic and comprehensive strategy that included getting more buy-in from leadership and making sure user privacy is built in from the start.

“Following our own transition, Microsoft wanted to better understand how organizations are approaching insider risk management, specifically how some of these security and compliance teams were thinking about insider risk management holistically,” Arsenault says in a blog post.

The insider risk landscape is growing

The report lays out new insights about how to achieve a holistic insider risk management approach, including how holistic organizations think privacy controls should be used in the early stages of investigations. According to Microsoft, 92% of holistic organizations say training and education are vital to proactively address and reduce insider risks, while just 50% of fragmented organizations feel the same way.

The growing prevalence of distributed work environments is leading to growing concern about insider risk incidents, with organizations leaning heavily on technology and data proliferation to make those work models effective and keep employees productive.

Across all industries, Microsoft’s report identified about 12 insider risk events each year at any given company. When combined with malicious events, that makes an average of 20 incidents. About one-third of organizations reported an increase in their insider risk event occurrence in the past year, but 40% expect these incidents to continue to grow.

IT’s outsized impact on insider risk

According to the report, IT teams are the most associated with being at risk for abusing or leaking data despite the fact that they are typically in charge of detecting and remediating insider risk. IT was far and away the most identified with 60% seeing IT as highly at risk. Second was finance and accounting at just 48%.

The report identifies finding reliable and trustworthy employees to carry out insider risk detection and remediation as a critical step to running a successful insider risk program.

“This makes it all the more important to ensure that the security and IT teams investigating insider risks have strong auditing and approval controls in place, to make sure that their actions are in the best interest of the organization,” the report says.

The impacts of insider events

Organizations ranked theft or loss of customer data as the highest impact of insider risk events, followed by brand or reputation damage, theft or loss of employee personal data, theft of loss of mission critical data or intellectual property, legal and regulatory impact, lost confidence among key stakeholders, remediation costs, and downtime.

The study—which solicited input from organizations of all sizes—found that the cost of a single data breach from an insider event can be devastating. Nearly 40% of respondents said the average cost was more than $500,000 for a single event. With an average of 20 events per year, that can be a financial impact of $10 million for the average company.

However, Microsoft says those costs are likely on the lower end of the spectrum, citing one case in which a chemist working for the Coca-Cola Company and Eastman Chemical Company was convicted of stealing trade secrets, corporate espionage and wire fraud, with a financial impact of nearly $120 million.

Aside from financial considerations, insider risk events can destroy employee relations, with organizations concerned about violating employee privacy rights and losing employer trust.

Learn more about Microsoft’s holistic approach to insider risk management here.

The post Microsoft: IT Departments are in Insider Risk Crosshairs appeared first on My TechDecisions.

Beyond Identity surveyed 1,121 employees and employers across Ireland, the U.K. and the U.S. to find out how exactly employees are using and/or misusing their continued access.

Of the respondents, 83% said that they still had access to the digital assets of their previous employer.

The information former employees most commonly took and still have access to are old email accounts (35%), work-related materials on a personal device (35% ), company social media accounts (31%), software accounts (31%), shared files or documents (31% ), accounts with a third party system (29%), other employees email account (27%), back end of employer website (25%), and access to companies financial information (14%).

Abuse of Access

The most common taken information from former employers is contact information for coworkers (31%), saved conversations with coworkers (30%), company ideas (27%), saved conversations with the employer (26%), notes on work completed (25%), contact information for clients (25%), company financial information (24%), process related documents (24%), passwords (24%), and pay stubs and tax information (14%).

Related: What is Zero Trust and How Do You Implement It?

Of the Beyond Identity survey respondents, 28% admitted they gained access to the back end of their previous company’s website row. The same amount also admitted to logging into someone’s email other than their own. When asked if they told their former employer about any of this access only 59% said yes.

Cyber Exit Risks

Fifty-six percent of respondents said that they had used their digital access to intentionally harm their previous employer. Among those who’d been fired, the statistic increased to 70%, according to Beyond Identity.

Of the 218 business leaders that Beyond Identity interviewed, nearly three quarters of them reported having been harmed by a previous employee. Thirty-nine percent said this included the employee accessing the company’s financial information, followed by 37% who mentioned them gaining unwanted access to emails.

More than a third said a disgruntled former employee had hacked into the back end of the company website, taking company files and/or accessed company software.

The research also revealed only half of employers are attempting to completely wipe a device after an employee’s departure.

When it comes off boarding, an IT specialist was only involved 9% of the time.

Every time a former employee logs onto the company network, they put their company’s digital security at risk.

It’s now more important than ever to have proper offboarding procedures and access policies in place.

The post More Than A Third Of Former Employees Still Have Access To Company Data appeared first on My TechDecisions.

The insider risk management software firm’s Annual Data Exposure Report for 2022 finds that organizations face a 37% chance that they will lose IP when employees quit. Nearly all (96%) or respondents to the company’s survey say they have challenges protecting corporate data from insider risks, but most don’t have resources dedicated to mitigating that risk.

According to the report, just 21% of companies have cybersecurity budgets dedicated to tackling insider risk, and 91% of senior cybersecurity leaders think their organization’s executives need to better understand insider threats.

Insider threats have increased dramatically over the last two years, as millions of employees leave their jobs each month, with a record 4.5 million doing so in November alone. That means sensitive information could be leaving organizations in troves with their departing employees.

The report found that organizations have a general lack of visibility about that issue, as 71% said they are both concerned about sensitive data being stored outside of corporate storage and don’t know the details of the sensitive data employees take to other companies.

On the disconnect between executives security leaders and security practitioners, the report found that 57% of cybersecurity practitioners aren’t consulted by cybersecurity leaders when making decisions about the company’s security strategy. However, 56% of all cybersecurity professionals don’t think they have a seat at the table when business decisions are made.

And, 91% of respondents think their organization’s executives need to better understand insider risk.

Overall, entire organizations need better data security training, the report found, as 96% agreed on the need to improve awareness. About one-third say they need to completely overhaul that training, with 63% of public sector organizations saying the same.

Joe Payne, Code42 president and CEO, says employee turnover and remote work are wreaking havoc on security teams and efforts to protect IP.

“Companies must fundamentally shift to a modern data protection approach – Insider Risk Management (IRM) – that aligns with today’s cloud-based, hybrid-remote work environment and can protect the data that fuels their innovation, market differentiation and growth,” he says.

The post Most Organizations Lack Visibility Into Their Insider Risk appeared first on My TechDecisions.