In an increasingly interconnected labor world, where communication flows through multiple channels such as Slack, Teams, Zoom, SMS or email, the cybersecurity front has moved towards a more diffuse and dangerous land: people. About this, ProofPoint Alert about the growing risk of the fragmented digital environment and the vulnerability of the human factor, the “weakest link” in organizational defense against threats.
“Although the email remains the main vector of threats, the current work space has expanded including collaboration tools and relations with suppliers from which cybercriminals are used. The human factor has thus become the most vulnerable link in the organization in terms of cyber -defense,” they explain from Proofpoint. This reality has led the company to defend a holistic approach that integrally protects users.
The human factor, cyber attack risk
And, as their experts underline, cybercrime groups act increasingly sophisticated and organized, operating with a business logic: patients, methodical and with long -term objectives. “They don’t trust fast victories,” they warn. Its main strategy is to compromise an account to access, little by little, critical systems, sensitive data and corporate networks.
The attackers begin by analyzing public information from the company in social networks, employment portals or regulatory records. Thus they draw the organizational structure to identify a victim with privileged access. Then, they create a personalized decoy, such as an email that simulates legitimate communication with an apparently safe attached document or link. With a simple click and the introduction of credentials on a false page, the intrusion begins.
The attack surface in companies grows: thus a cybercrime is moved in the current digital work environment
Often, the victim does not even suspect that he has been deceived. While continuing with his daily work, the attacker already moves within the system, mocking security controls and preparing the next step: climbing privileges, consolidating his access, committing fraud or exfotting sensitive information. In this process, the offender can even supplant the user’s identity to deceive other employees with requests for urgent payments or apparently normal applications.
The complexity of the problem is that many organizations do not detect these movements in time. “The attackers are exploiting messaging platforms, cloud applications and file exchange services. This has created a fragmented security panorama with disconnected specific products, which results in higher operational costs and increasing security gaps,” warns the researchers.
Punctual detection and recommendations
In this context, a specific detection of a suspicious login is no longer enough. Without a deep analysis of user behavior, security equipment can remain “one step behind the attacker”, losing the opportunity to stop the damage before it is too late.
Hence the need to ask key questions: “Are threats being arrested before reaching employees? Do you trust their business communications ecosystem? Is the staff prepared to recognize and report attacks? Can you detect accounts compromised before they cause important damage? If the answer is not a sure yes, it is time to reevaluate the strategy,” they warn from Proofpoint.
The firm’s recommendation is to adopt a comprehensive and combined approach. This includes advanced detection systems, accounts protection through artificial intelligence, continuous and adapted training for users, Phishing protection on all platforms, identity supplant control and automation of security measures.
