State of the Phish 2020

Proofpoint Cloud App Security Broker (CASB) is now part of our Information Protection platform that protects against data loss by combing content, threat, and behavior telemetry across cloud, email, and endpoint channels. We continue to add API and proxy-based capabilities, allowing more visibility to cloud security and compliance, automated response, and simplified deployment.

Watch our live demo to see how our new CASB capabilities will help you:

- Manage role-based access and gain visibility to audit logs using our new admin module
- Protect sensitive data in messages and files shared in Teams via webhooks APIs
- Control file sharing based on external domains
- New mobile MFA app for risk-based authentication

99% of the phishing attacks Proofpoint observed required human interaction to succeed, resulting in malware installation, wire fraud, unwitting data disclosures, and more. Educate your staff and limit cyber attacks through Proofpoint’s industry-leading security awareness training. Backed by threat intelligence, Proofpoint’s Security Awareness Training ensures you are delivering the right training, to the right people, and at the right time.

Watch our live demo to learn how to:

- Understand the threats facing your organization and users by leveraging Proofpoint’s Threat Intelligence
- Assess your users’ susceptibility to phishing attacks and other threats
- Drive behavior change, turning your users into security assets, through our engaging and entertaining training

Email fraud often starts with an email in which the attacker poses as someone the victim trusts. The message makes a seemingly legitimate business request that usually leads to wire transfer or financial payment. Unfortunately, most organizations don’t have visibility into the risk posed by their suppliers. So how can you better protect your company?

Watch this live demo to learn more about how attackers are going after your suppliers and how you can mitigate your risk of email fraud. We cover:

- How does supplier invoicing fraud work
- How Proofpoint addresses common email fraud use cases
- How Proofpoint helps mitigate risk from risky suppliers

With the massive shift to remote working in 2020, organizations are racing to rethink their security programs to both guard from external attacks as well as manage risk from insiders. Modern approaches to insider threat management must incorporate investments in People, Process, and Technology. This means formalized insider threat management programs; it means investment in insider threat management technologies; and it means building resilience into the fabric of your organization with training.

Join Proofpoint and (ISC)2 on February 23, 2021 at 1:00pm Eastern as we kick off the new year with a discussion about security awareness, education and insider threat management and how best to defend your organization and arm your users to mitigate an insider incident.

With the massive shift to remote working in 2020, organisations are racing to rethink their security programs to both guard against external attacks and manage insider risk. Many organisations treat these two issues as equal, when the people-centric nature of insider threats requires an entirely different approach.

Modern approaches to insider threat management must account for accidental, compromised and malicious insiders. These trusted insiders can be employees, partners or third-party contractors. A critical challenge is building practical, technology enabled insider threat management programs that account for these different insider threat types, while protecting against potential data and intellectual property loss.

Join Proofpoint and (ISC)2 on February 23, 2021 at 13.00 GMT for a live discussion about insider threat management and how best to mitigate insider risk. Rob Bolton, Sr Director at Proofpoint Information Protection and Brandon Dunlap will be discussing:

- The unique risks of insider threats and how to protect against data loss
- Practical tips inspired by real-world breaches
- How to take a people-centric approach to strengthen resilience and reduce insider risk

Cloud-based productivity tools like Microsoft 365 keep your business operating, especially in today’s digital-first environment. Yet securing data and adhering to data privacy, record keeping, and other communications regulations can be a significant challenge.

In this webinar, Proofpoint’s resident CISO, John Checco leads a 30-minute discussion about how your peers are addressing these challenges and the steps you can take to ensure compliance across your Microsoft ecosystem.

This session covers:

- Common privacy and compliance challenges and pitfalls when it comes to Microsoft 365
- How your capture and archive strategy can augment your information protection program
- How Proofpoint’s people-centric approach to security and compliance can help you

When it comes to modern Cybersecurity – ultimately your users are your last line of defence. So you need to arm them with both knowledge and practice to mould dynamic, alert guardians of both your organisation and your data. The key to your success is engaging, entertaining - and crucially - topical security awareness training.

So where to start, or how to renew your program? Are you one of the 80% of organisations who allocate two hours or less per year for security awareness, how useful do you judge this small amount of user training to effect behaviour change?

Join our Security Awareness Training experts as we review valuable strategies on how to create and sustain an impactful cybersecurity awareness education program. Plus we delve deep into thought-leadership on the following questions:

- How do I ensure my users embrace the training? Who are the key influencers internally?
- What is the minimum – and maximum – levels of training shown to have been successful?
- How do I motivate and reward my last line defenders?
- What reporting and measures are the most pertinent to the IT team and alternatively to the C-suite?

Die digitale Transformation zeigt immer schneller ihre Auswirkungen auf die Arbeitswelt und beeinflusst immer stärker die Cybertrends.
Auch Ihr Unternehmen hat Ressourcen der Rechenzentren zunehmend ausgelagert und das Arbeiten an entfernten Standorten ermöglicht. Ihre Mitarbeiter sind der neue Perimeter!

Wissen Sie genau, wann oder wie Ihre Führungskräfte ins Visier genommen werden? Wissen Sie, wer die Personen in Ihrer Organisation sind, die am häufigsten im Cyberspace angegriffen werden?
Sind Ihre häufig angegriffenen Personen – die sog. „very attacked people“ (VAPs) dieselben wie Ihre “very important people” (VIPs)? Und wissen Sie, wie sich die Verhaltensschwachstellen und Zugangsprivilegien Ihrer „VAPs“ überschneiden?
Mehr als 99% aller gezielten Cyber-Angriffe nutzen eher menschliche Fehler als Systemfehler aus.

Sie sollten das größte Kapital Ihres Unternehmens schützen: Ihre Mitarbeiter und die Daten, auf die sie Zugriff haben. Sie sollten Einblick in die riskanten Verhaltensweisen haben, die darauf hindeuten, dass Ihre Mitarbeiter auf einen modernen, sog. Social Engineering Angriff hereinfallen könnten.
Die einzige Möglichkeit, die heutigen fortschrittlichen Angriffe erfolgreich zu bekämpfen, besteht darin, sich auf den Schutz Ihrer Mitarbeiter zu konzentrieren.

In diesem Vortrag werden Markus Grueneberg von Proofpoint, erklären:

- Arten von externen und internen Bedrohungsprofilen
- warum der Übergang zu einer auf die Person ausgerichtete Sicherheit relevant, dringend und längst überfällig ist
- Einführung der neuen, von Personen ausgehende Bedrohungsinformationen, die erforderlich sind, um Ihre personenzentrierte Cyber-Sicherheitsstrategie zu priorisieren, umzusetzen und weiterzuentwickeln.

Alors que votre organisation externalise de plus en plus ses centres de données et permet le travail à distance, vos collaborateurs constituent votre nouveau périmètre de sécurité. Mais savez-vous quand et comment vos cadres sont ciblés ? Vous connaissez vos VIPs mais qui les VAPs (Very Attacked People) de votre organisation ? Et savez-vous comment réduire leur vulnérabilité et gérer leurs privilèges afin de protéger les éléments précieux auxquels ils ont accès ?

Plus de 99 % de toutes les cyberattaques ciblées exploitent des erreurs humaines plutôt que des failles du système. Vous devez protéger les principaux atouts de votre entreprise, à savoir ses collaborateurs et les données auxquelles ils ont accès. Par conséquent, avoir la visibilité sur les comportements à risque de vos collaborateurs est primordiale.

Durant cette présentation, Loïc Guézo Directeur Senior, Stratégie Cybersécurité, chez Proofpoint et Antoine Bajolet, RSSI, Membre de CLUSIF vous expliqueront :

•quels sont les types de menaces externes et internes auxquels vous devez faire face
•pourquoi le passage à une sécurité centrée sur les personnes est pertinent, urgent et attendu depuis longtemps
•comment introduire la Threat Intelligence pour établir des priorités, mettre en œuvre et faire évoluer votre stratégie de cybersécurité centrée sur les personnes

Cyber criminals are taking a people-centric approach to phishing attacks. Is your organization taking a people-centric approach to phishing prevention? This webinar covers Proofpoint’s seventh annual State of the Phish report which delivers critical, actionable insights into the current state of the phishing threat. Our experts take a deep dive into:

- The end-user awareness and knowledge gaps that could be negatively impacting your cybersecurity defenses.
- The impacts infosec professionals are experiencing as a result of phishing attacks and the ways they’re attempting to combat these threats
- How organizations are delivering phishing awareness training, and the ways they measure program success

The new reality of cybersecurity revolves around information protection. Security teams must protect remote workers, the cloud apps they use, and the data they access. Is your cloud DLP solution up to the challenge?

This 30-minute webinar dives into best practices for cloud DLP. We will cover:

- The people-centric future of Information Protection
- The content, threat, and behavior telemetry needed to address the full spectrum of data loss scenarios
- 5 steps to building a successful cloud DLP solution

Collaborative technology came of age in 2020, with rapid adoption and overarching reliance on Zoom, Teams, Slack and/or Skype. Beyond the humble email, these have all become crucial tools for business activity.

2021 will be no different and these collaboration tools are here to stay. This opens up a series of new challenges for organisations, as existing supervision and e-discovery capabilities need to be extended to these platforms, to ensure compliance with all current international legislation.

So whether you are wondering how do you archive all comms including email in 2021, have challenges in accessing that archive quickly and efficiently or still unsure if you are meeting all compliance requirements, this session is just what you need…

Join us in this live discussion with leading Archiving and Compliance experts as they dive deeper into:

The use of Outlook 365 archive and when does this need to be augmented.
What to consider when reappraising content & comms compliance.
What do you need to future proof existing archiving and compliance systems for the demands of tomorrow.

Cyber criminals are taking a people-centric approach to phishing attacks. Is your organization taking a people-centric approach to phishing prevention? Join this webinar for Proofpoint’s seventh annual State of the Phish report as it delivers critical, actionable insights into the current state of the phishing threat.

Our experts will deep dive into:

- The end-user awareness and knowledge gaps that could be negatively impacting your cybersecurity defenses.
- The impacts infosec professionals are experiencing as a result of phishing attacks and the ways they’re attempting to combat these threats
- How organizations are delivering phishing awareness training, and the ways they measure program success

Email fraud continues to be a top concern for CISOs in 2021 - especially email fraud within supply chains. So how can you better protect your company?

Our case study webinar dives into how Jeff Henze, Information Security Analyst at Shelter Insurance, and Nathan Thoenen, Security Engineer at Prime Inc., detect and stop attacks that leverage both impersonation and account compromise. In this 45-minute session, our panelists discuss:

- Their challenges with supplier email fraud
- How they are tackling email fraud attacks
- What security controls & programs can help mitigate your risk

The healthcare cyber threat landscape drastically changed over the past year as health-related email lures plagued the industry. The 2020 HIMSS Cybersecurity Survey indicated that 89% of healthcare cyber attacks had email as the initial point of compromise. So what should you be watching for in 2021?

Listen in on Ryan Witt, Managing Director, Healthcare Industry Practice at Proofpoint discuss the unique risks of healthcare threats and how to protect your healthcare organization from cyber criminals during this 30-min Threat Intelligence Briefing. We discuss:

- Recent attacks and trends in the healthcare space
- Social engineering tactics used by cyber criminals to launch their exploits
- Controls to put in place to better protect those targeted by these sophisticated attacks

The world has gone digital in the wake of the pandemic, and social media has become a critical communication channel for businesses. To get the right results and protect your business from risk, you need to do more than just unleash your employees.

In this webinar, experts from Proofpoint, Hootsuite, and Upcontent discuss how to successfully enable your employees to represent your business on social media channels: content curation, social reach, and compliance. Our speakers cover strategies for:

- Curating content that will resonate with your audience
- Boosting your social reach with a robust employee advocacy program
- Ensuring employee activity complies with regulations and corporate governance policies

For financial services firms, many cyber incidents and fraud is the result of errors, oversights, or deliberate mischief of individual employees. Whether cyber threats are user or attacker-enabled, companies need to focus not only on technical offenses but also human defense tactics. So how can you better protect your company in 2021?

During this webinar, our experts look at how financial services firms are making strides in enabling users and improving security posture by applying a people-centric security model. We discuss:

- The elements of a people-centric model in financial services
- Examples of observed threats in the sector
- Guidance on people-centric program implementation and tactics