How Okta and Proofpoint Defend the New Perimeter: People

The balance of power between codebreakers and those keeping information safe has shifted back and forth throughout history. But one oversight has remained constant: defenders focus on systems, while attackers focus on people.

Businesses still aren’t allocating the right amount of their security budgets to protecting a critical target: their people. That’s despite the fact that 96% of data breach issues start with a person rather than technology - and that was before the massive move to remote work in 2020. This failure to address a company’s true point of vulnerability has seen a 2,000% rise in businesses of all sizes falling victim to simple email compromises since 2015. As a result, email compromise is now a $26 billion global issue.

Today’s threat landscape is dominated by attacks that target people and their access credentials. And businesses need to adapt.

Flipping the attack paradigm

Companies used to reinforce their networks to prevent security breaches. But organizations are now dispersed: businesses need to shift their mindset from preventing attacks on their infrastructure to focus on who’s getting attacked. However, it isn’t always obvious which people need the most protection.

Leading cybersecurity company Proofpoint is helping businesses to identify these individuals by uncovering VAPs, or very attacked persons. The VAP model pinpoints:

  • Who adversaries are interested in: employees who receive highly targeted, very sophisticated, and/or high volumes of malicious material
  • Who is most likely to fall for attacks: employees who click on malicious content, fail security awareness training, or use risky devices or cloud services
  • Who represents risk if they’re compromised: employees who have access to critical resources and sensitive information or could be used as a vector for later movement within the organization by an attacker

Approaching security in this way helps businesses understand their true risks. For example, a financial services organization identified 24 VAPs that were extraordinarily targeted across a workforce of tens of thousands of people. This small group included likely targets such as its CFO and accounts payable employees, but also a VP of Platform Services who attackers had identified as a key target because he had access to nearly every internal system.

Every organization has its own unique threat landscape and adversaries. Looking at risk through the lens of VAPs enables companies to understand the attack surface they face and the customized security controls needed based on the different types of threats that employees are being targeted with.

How Proofpoint partnered with Okta

Proofpoint and Okta teamed up to create a powerful integration that helps businesses to better protect their people via the Okta Identity Cloud. Proofpoint’s Targeted Attack Protection (TAP) product helps organizations to identify their most at-risk employees and apply the appropriate defenses. It works in stages:

1. TAP identifies VAPs. The list of people being targeted at an organization changes minute by minute, so the TAP API is dynamic in order to proactively protect risky employees.

2. A VAP Group is created and exported to the Okta Identity Cloud. The VAP Group changes continuously as attackers evolve their methods. Based on the group, Okta can automatically enforce measures and security controls to protect the people identified, with no manual intervention required.

3. Organizations can advise VAPs on why they are in the VAP Group. It’s a good idea for employees to be told they are among the most targeted people in the business and that they are under attack—this gives VAPs the opportunity to assess their current behaviors, and companies the chance to provide further security training.

4. Adaptive security policies are applied to the VAP Group. Companies can adapt the ways in which VAPs access resources through changes to authentication and password policies, factor enrollment, and application sign-on. Factors can be adjusted dynamically as a powerful way to understand risk and transform it into control.

Protect your people with Proofpoint and Okta

It used to be easier for an attacker to trick a computer into granting them access to a business’ valuable data than a person, but that attack path has shifted. People are now the easiest, most effective attack vector for malicious actors, and businesses need to respond.

Real-time visibility into which employees are being targeted is essential to a modern risk management strategy, and can help lay the foundation for a Zero Trust framework. And securing the cloud will mitigate oversharing, account takeover and compromised applications. Adjust your perimeter and give your people the tools they need to keep their work—and your organization—secure.

Proofpoint Security Awareness Training was one of the fastest-growing apps in Okta’s B@WFH Report. Check out the full report here and discover how to protect your business’s perimeter with the Okta Identity Cloud.