Name: ISSA Thought Leadership Series: BEC Attacks – Who’s Impersonating Whom?
Start: 2020-06-17T17:00:00Z
End: 2020-06-17T17:00:59.000Z
Location: BrightTALK
Rating: 5

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. 

Today’s attackers aren't just tricking users – they’re delivering weaponized payloads like phishing URLs and malware-laced attachments designed to steal data and compromise systems. In this session, we’ll unpack findings from Proofpoint’s latest Human Factor report, revealing the emerging tactics behind today’s most dangerous email threats. Backed by threat intelligence from over 3.5 billion emails analyzed daily, our experts will break down the surge in compromised URLs, evolving malware delivery methods, and other communication channels that are under attack.

In this session, we’ll explore how payload-based threats are changing – and what your team can do to detect, block, and respond before users click. In this 30-minute session, we’ll cover:

- New insights from threat research on phishing trends and tactics
- How attackers are adapting to bypass technical controls
- Which new platforms threat actors are using to target users

The Human Factor: Weaponized Payloads and Modern Phish

In this session, we’ll demonstrate how to simplify email security for today’s lean, overextended security teams – despite an increasingly complex threat landscape. Whether you want to deploy in minutes using Microsoft 365 APIs or streamline SOC workflows with a more intuitive investigation experience, you need an enterprise-grade solution that offers speed and simplicity. In this 30-minute session, we’ll cover how to:

- Deploy advanced email threat protection in a few clicks
- Accelerate triage, investigations, and responses to email-based threats
- Gain visibility into the threat landscape faced by your organization

Simpler Email Protection for Tomorrow’s Sophisticated Threats

In a hybrid world, protecting sensitive data across email, cloud, and endpoints is a business imperative—not just a compliance task. But how can you prove the ROI of enterprise DLP? 
 
Join Proofpoint experts Brian Gleeson and Jeremy Wittkop with Enterprise Strategy Group Principal Analyst, Nathan McAfee as they reveal findings from the latest Economic Validation Report. Learn how organizations achieved a 182% ROI over three years with Proofpoint Enterprise DLP and why a people-centric approach delivers measurable risk reduction and efficiency gains.

You’ll discover how to: 
• Quantify the business impact of enterprise DLP 
• Align data protection investments with business outcomes 
• Build a compelling case for modern, people-centric DLP

Quantifying the Business Value of Enterprise DLP: Analyst Insights with Enterprise Strategy Group and Proofpoint

Aujourd'hui, les pirates ne se contentent pas de tromper les utilisateurs : ils diffusent des charges utiles telles que des URL de phishing et des pièces jointes contenant des logiciels malveillants, conçues pour voler des données et compromettre les systèmes. 

Au cours de ce webinaire de 30 minutes, nous présenterons les conclusions du dernier rapport de Proofpoint sur le facteur humain. Nous dévoilerons les nouvelles tactiques qui se cachent derrière les menaces par e-mail les plus dangereuses d'aujourd'hui. S'appuyant sur les informations relatives aux menaces issues de l'analyse quotidienne de plus de 3,5 milliards d'e-mails, nos experts analyseront la recrudescence des URL compromises, l'évolution des méthodes de diffusion des logiciels malveillants et les autres canaux de communication qui font l'objet d'attaques.

Nous explorerons comment les menaces basées sur les charges utiles évoluent et ce que votre équipe peut faire pour les détecter, les bloquer et y répondre avant que les utilisateurs ne cliquent. 

Nous aborderons les thèmes suivants :

* Nouvelles informations issues de la recherche sur les menaces concernant les tendances et les tactiques de phishing
* Comment les attaquants s'adaptent pour contourner les contrôles techniques
* Quelles nouvelles plateformes les acteurs malveillants utilisent pour cibler les utilisateurs

Le Facteur Humain

Communication extends far beyond email. Employees use collaboration tools, messaging platforms, cloud applications, social media, and file-sharing platforms to stay connected and productive. But cybercriminals are following — and exploiting — these very same platforms. 

Proofpoint Threat Research has seen a staggering 2,524% increase in URL-based threats delivered via SMS-based phishing (smishing) over the past three years. Once they compromise an account, attackers can exfiltrate data, deploy ransomware, commit financial fraud, and erode trust. 

How can organisations stay ahead of multichannel, human-focused attacks?  

Join us for this 30-minute webinar to learn how attackers are evolving their tactics - and how you can evolve your protection strategies.  

You’ll learn: 

> How social engineering tactics are designed to exploit human behaviour and manipulate how people interact with technology
> The anatomy of multichannel, multistage attacks in today’s digital landscape
> Practical strategies and key capabilities to stop threats across email and beyond

How to Defend Against Evolving Social Engineering Cyber Attacks

As the cyber threat landscape continues to evolve, so does the role of the CISO. The latest findings from Proofpoint’s Voice of the CISO 2025 Report, based on insights from 1,600 global CISOs, point to a familiar challenge with renewed urgency: people remain the greatest cybersecurity risk—now compounded by AI disruption and increasing boardroom pressure.

Join our panel of cybersecurity leaders from across EMEA as we examine the findings of Proofpoint’s Voice of the CISO 2025 Report. From insider threats and GenAI governance to growing tensions in the c-suite, we’ll unpack the top trends shaping the modern CISO’s agenda. 

You’ll gain insight into:

* Why human error remains #1 vulnerability – and why awareness isn’t translating into behaviour
* How CISOs are managing GenAI risk, balancing enablement with the fear of data loss
* Why rising confidence doesn’t equal readiness, with many CISOs still bracing for major attacks
* The mounting pressure inside the boardroom, and what’s causing misalignment at the top

Find out what’s keeping CISOs up at night and how they’re planning for what’s next. Whether you’re a security leader, risk professional or business executive, this is your opportunity to benchmark your strategy and hear directly from those on the front lines.

Voice of the CISO 2025: Managing Insider Risk, GenAI, and Executive Expectations

À mesure que le paysage des cybermenaces évolue, le rôle du RSSI évolue également. Les dernières conclusions du rapport “Voice of the CISO 2025” de Proofpoint, basé sur les observations de 1 600 RSSI à travers le monde, montrent un défi familier qui revêt aujourd'hui une urgence renouvelée : l’Homme reste le plus grand risque en matière de cybersécurité, un risque désormais aggravé par les perturbations liées à l'IA et la pression croissante exercée par les conseils d'administration.

Rejoignez notre panel français pour examiner les conclusions du rapport “Voice of the CISO 2025” de Proofpoint. Des menaces internes à la gouvernance de l'IA générative en passant par les tensions croissantes au sein des équipes de direction, nous décrypterons les principales tendances qui façonnent l'agenda des RSSI modernes. 

Vous découvrirez :
•    Pourquoi l'erreur humaine reste la vulnérabilité n° 1 et pourquoi une prise de conscience ne se traduit pas forcèment en comportement
•    Comment les RSSI gèrent le risque lié à l'IA générative, en trouvant un équilibre entre l'autorisation d’usage et la crainte de la perte de données
•    Pourquoi une confiance croissante n'est pas forcément synonyme de préparation, de nombreux RSSI se préparant encore à des attaques majeures.
•    La pression croissante au sein des conseils d'administration et les causes du désalignement au sommet.

Découvrez ce qui empêche les RSSI de dormir et comment ils se préparent pour l'avenir. Que vous soyez responsable de la sécurité, professionnel du risque ou dirigeant d'entreprise, c'est l'occasion pour vous d'évaluer votre stratégie et d'entendre directement ceux qui sont en première ligne.

Voice of the CISO 2025: Gérer les risques internes, l'IA générative et les attentes des dirigeants

Insider threats continue to make headlines. Espionage, sabotage, fraud, and data theft – the past year has seen it all. Despite these dangers, many organizations lack a structured approach to managing these risks, leaving them vulnerable. How can you proactively identify insider threats and better protect your organization?

During this 30-minute session, we will explore this year's headline-grabbing incidents that illustrate a worsening problem with insider threats. You’ll hear:
- The unexpected ways insiders can disrupt your business and damage your brand
- The increasing risk of new employees, and what to do about it
- Best practices for managing insider threats and risks to your organization, with lessons learned

2025 Update: The Biggest & Boldest Insider Threats

Despite significant investment in traditional DLP tools, many organizations still struggle to prevent data loss. Why? Because legacy solutions weren’t designed for the way people work today. With hybrid work, cloud file sharing, and AI-fueled productivity tools, data protection requires human-centric insights that combine content and behavior more than ever.

Beyond Legacy: Why Traditional DLP Falls Short

Phishing remains one of the most effective cyberattack methods and it’s evolving fast. So far, in 2025 we’ve seen attackers deploy more sophisticated attacks, leveraging AI, geopolitical tensions, social engineering and new digital channels to target individuals and organisations across EMEA.

Proofpoint’s Carl Leonard, EMEA Cybersecurity Strategist, and Davide Canali, Threat Research Director, are back with an update on the 2025 threat landscape. They’ll be joined by Haifa Ketiti, Staff Sales Engineer, and Anna Akselevich, Threat Researcher, with real-life case examples from the field.

We’ll review the threat landscape across EMEA with special interest to developments in the Middle East. With increased digitalisation and geopolitical instability in this region, threat actors - both state-sponsored and criminal - are launching sophisticated phishing campaigns that ripple across Europe. 

Join our cybersecurity experts as they uncover with real examples the most cunning types of phishing attacks threatening organisations today, including:
• Business Email Compromise (BEC): still the silent assassin, now enhanced with AI-generated messages and deepfake audio.
• Credential Phishing: targeting cloud platforms and collaboration tools like Teams and SharePoint.
• AitM (Adversary-in-the-Middle) phishing: the growing availability of kits and services that bypass Multi-Factor Authentication (MFA) 
• Brand Impersonation: exploiting trust in consumer-facing brands to lure users into clicking.
• Smishing and Vishing: expanding beyond email to mobile and voice channels.

…and more!

Make sure your users don’t get caught in the net with a new wave of phishing attacks in 2025!

Phishing in 2025: AI, Social Engineering & the New Threat Landscape

Recent Proofpoint research reveals that 99%1 of organizations face regular account takeover (ATO) attempts. Attackers often employ phishing and other techniques as part of multi-stage attacks aimed at compromising user accounts. Additionally, attackers are increasingly targeting suppliers and business partners, using compromised third-party accounts to broaden the attack surface and intensify the impact on your organization.

The Two Sides of Account Compromise: Defending Against Employee and Supplier Account Takeover Attacks

The race to harness generative AI for innovation and efficiency is reshaping how organisations develop products, deliver services, and empower their workforce. From internal productivity tools like MS Copilot to customer-facing chatbots, AI-driven applications are becoming integral to modern business strategy. But speed comes with risk - particularly the exposure of sensitive and proprietary data through AI training pipelines or interactions with generative models.

Join this 30-minute webinar to explore how organisations can embrace the promise of AI while mitigating the associated data security challenges.  Learn how Proofpoint’s Data Security Posture Management (DSPM) solution empowers organisations to:
- Identify active AI services and the data they can access
- Detect and classify sensitive data across environments used for AI development
- Prevent unauthorised training of Large Language Models (LLMs) on sensitive information

Embracing AI Without Compromising Data Security

Sind Sie auf die Einhaltung der NIS-2-Richtlinie und der DORA-Verordnung vorbereitet?

Wie wirkt sich die Vorbereitung auf NIS 2 und DORA auf Ihre Organisation aus? Was ist der Unterschied zwischen den beiden? Wo sollten Sie beginnen? 
 
Nehmen Sie an unserem 45-minütigen Webinar teil, in dem wir die wichtigsten Aspekte von NIS 2 und DORA für EU- und Nicht-EU-Organisationen erläutern. Außerdem gehen wir auf die einzigartigen Möglichkeiten ein, die sie bieten, um die Cybersicherheitslage Ihres Unternehmens und Ihrer Lieferkette zu verbessern. 
 
Was Sie lernen werden: 

- Verstehen Sie die neuesten Grundsätze von NIS 2 und DORA
- Entdecken Sie praktische Schritte zur Vorbereitung
- Lernen Sie von Fallstudien und Erfolgsgeschichten aus der Praxis
- Erhalten Sie Antworten auf Ihre Fragen von unseren Experten für Cybersicherheit

Lassen Sie sich diese Gelegenheit nicht entgehen, um in der sich ständig weiterentwickelnden Cybersicherheitslandschaft die Nase vorn zu haben! Registrieren Sie sich noch heute.

NIS 2 und DORA erklärt

Protecting student and research data

As academia embraces digitisation to enhance access, collaboration, and cost-efficiency, the risk of cyber threats grows. Universities manage vast amounts of sensitive data - from student records to cutting-edge research - making them prime targets. Their open, complex IT environments heighten vulnerability to phishing, insider threats, and accidental data leaks.

Join us for an exclusive discussion with Mal Allerton, Former CIO of the University of Southampton, as he shares real-world insights into the evolving threat landscape facing universities today. Discover how institutions can tackle data loss, insider threats, and the growing complexity of securing academic environments. 

What you’ll learn:

> How university priorities can be balanced with the need to preserve its reputation and reduce the cost of a security incident
> How to address the unique challenges of securing research data, student records, and intellectual property
> Practical steps to reduce data loss risk and improve your institution’s security posture
> The cultural and human factors behind accidental data leaks
> Balancing privacy, collaboration and security

Preventing Data Loss in Higher Education

The 2019 HMSS Cybersecurity Survey indicated that email is the initial point of compromise for healthcare cyber-attacks, with Business Email Compromise (BEC) becoming the favored tactic by cybercriminals. Because BEC emails do not carry malicious payload and are narrowly targeted, it’s difficult for health institutions to detect these attacks. With overall losses of more than $1.7 billion in 2019, BEC attacks are quickly becoming a significant headache for healthcare CISOs. Join us for a deep dive into the dos and don’ts when it comes to BEC, and best practices to mitigate against risk of this vital attack vector.

ISSA Thought Leadership Series: BEC Attacks – Who’s Impersonating Whom?

BEC Attack

hmss

Hackers

Email Security

Cyber Security

Cyber Attacks

Cyber Crime

Health IT

protect #1 threat vector

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

ISSA Thought Leadership Series: BEC Attacks – Who’s Impersonating Whom?

Presented by

About this talk

Proofpoint