Cybersecurity attacks continue to make headlines worldwide and cost organisations millions of dollars each year. Perhaps surprisingly, more than 90 percent of these attacks begin with an email, manipulating people into becoming unwitting accomplices by opening malicious emails, clicking on links, transferring funds, and more.

Rather than relying on software and hardware vulnerabilities within an organisation as they have in the past, cybercriminals have shifted down a much more lucrative avenue. Today, criminals are exploiting humans to deploy damaging and costly attacks via email, mobile and social channels, leveraging personalisation and social engineering tactics, with disastrous consequences for businesses.

Email fraud, or business email compromise, is a growing threat that impacts organisations of all shapes and sizes. According to FBI figures, global businesses have lost more than US$12.5 billion dollars due to employees falling for fake messages and forfeiting their login info and personal credentials or wiring money to imposters.

These highly targeted email attacks spoof trusted executives or partners and often don’t include a payload – such as a malicious URL or attachment – helping attackers evade traditional security technologies to reach people inside organisations. And these people are not whom you think they might be.

Often, an organisation discovers that the VIPs in the company are not the same individuals that a cybercriminal targets. Instead, an organisation’s very attacked people (VAPs) might include an assistant to the CEO, a programmer who handles all the code for remote key access for an automotive manufacturer, or even the financial team member who wires out financial payments to vendors. Recent research from Proofpoint shows that low-level employees, freelancers, and contributors account for 60 percent of the victims in highly targeted, email-based cyberattacks.

So how can businesses protect themselves, their customers, and employees in today’s evolving threat landscape?

Crafting a security strategy that protects people first, rather than the technology they use, is a critical step in proactively preventing a catastrophic loss of data. To provide effective prevention, security teams need a vantage point into the entire threat landscape across their organisation to understand how they are being targeted, through which channels, and what systems and critical data are compromised.

Proofpoint, a leading next-generation security and compliance company, provides customers with real-time visibility into their attack surface to determine their total risk exposure. Only Proofpoint provides threat intelligence that spans email, network, mobile apps, and social media. The company’s threat graph of community-based intelligence contains more than 800 billion data points that correlate attack campaigns across diverse industries and geographies.

Proofpoint’s Targeted Attack Protection (TAP) detects, mitigates, and resolves advanced threats that target users and provides organisations with a Threat Dashboard that arms security teams with data at the organisation, threat, and user-level.

With TAP, users can:

• Block and quarantine messages with malicious attachments or suspect URLs. These never reach the inbox, so users cannot click them and become compromised.
• Submit attachments and URLs to Proofpoint’s cloud-based scanning service to detect and inspect malicious content.
• Transparently rewrite all embedded URLs to protect users on any device or network.
• Track and block clicks to malicious web pages without affecting the user experience or other URL-filtering technologies in use.

In addition to proven technology solutions, it is critical that organisations invest in security awareness training to bolster employees’ resilience to social engineering tactics. Educating employees helps to improve awareness, change users’ behaviour, and reduce risk while identifying users that are especially vulnerable. Proofpoint Phishing Simulation and Security Awareness solutions provide organisations with unique and effective anti-phishing filtering that reduce successful phishing attacks and malware infections by up to 90 percent.

For more information on how Proofpoint can help protect your organisation, please visit https://www.proofpoint.com and connect with a regional Proofpoint representative.