New Study on How Cybercriminals Target People, Not Systems
Proofpoint, a Sunnyvale-based cybersecurity and compliance company, announced the findings of its annual Human Factor Report findings, which highlight the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, and steal data.
“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense.”
Nearly one in four phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, and internal phishing.
The report says the education, finance, and advertising/marketing verticals topped the industries with the highest average attack severity and risk. Impostor attacks were found to be at their highest levels in the engineering, automotive, and education industries last year, averaging more than 75 attacks per organization. Supply chain complexities were cited as contributing factors to vulnerability. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users. The report is based on an 18-month analysis of data collected across Proofpoint’s global customer base.
The data underscore the need for effective employee training in combatting cyberattacks.
Axcient Introduces Lead Generation Program for MSPs
Axcient, a Denver-based specialist in business availability and cloud migration solutions MSPs, has rolled out a lead generation program designed to help MSPs identify and close new business opportunities.
The Axcient Business Availability suite—which includes Replibit, BRC, CloudFinder, Anchor, Fusion, and the Axcient Cloud—enables MSPs to build secure technology stacks for their customers.
“To help our partners grow and expand their businesses, we created a lead-gen program so they can easily acquire new clients and opportunities,” said Corey Banner, director of Partner Success. “As a channel-focused company, we are taking the end-user leads we generate and qualify each month and sharing them directly with our partners.”
According to the announcement, the company is consistently generating end-user leads in North America and the U.K. When the leads come in, Axcient qualifies the leads, and then brings the opportunities to partners. The leads, along with billing, support requests, and marketing are to be managed from a portal.
One of the top challenges MSPs face is attracting new clients. Some are less focused on marketing as compared to the technology services they provide. I nitiatives like this one are intended to increase profitability and channel loyalty while helping the vendor to build higher growth rates.
Tech Data, Opaq Forge Network Security-as-a-Service Alliance
Tech Data and Opaq have announced an agreement with Opaq to deliver network security-as-a-service and hyperscale performance through the Opaq cloud platform.
The platform is designed to help service providers monitor, secure and manage client networks and deliver comprehensive enterprise-grade security.
“Digital transformation is driving the need for network and security modernization,” said Glenn C. Hazard, Chairman and CEO of Opaq. “This is an immense challenge for organizations, especially in the mid-market. As a result, companies are increasingly evaluating cloud-delivered security solutions and leaning on service providers to help them secure their journeys to the cloud.”
The alliance is intended to help partners embed security into a cloud-based networking solution delivered over a private network. Partners can then add their own value-added services to that value proposition.