Inside Out: Protecting from Unintentional Insider Threats (Video 2:16)
- Posted by
Michael Landewe on January 10, 2017
When we think of insider threats, rogue or disgruntled employees may first come to mind, but the threat could be unintentional, coming from your most loyal, faithful employees—your executive team, investors, your CEO, or even yourself.
Phishing attacks have become so pervasive and compelling, that it’s presumably more likely that one or more of your well-meaning users falls for one of these spoofs, inadvertently granting their account access to an attacker. For example, just before the holidays, we discovered a phishing attack disguised as a FedEx delivery notification, prompting Office 365 users to click a link to track their package. Upon clicking the link, they were taken to a duplicate Office 365 login page requesting the user’s ID and password. Upon submission, the user’s credentials were immediately provided to the attacker.
If you think that Microsoft Office 365 or Gmail's native filters will prevent these phishing attacks from reaching your users, think again.
Jeff Madsen, CTO of ALEX (Alternative Experts, LLC), faced a November 30, 2016 deadline to comply with Executive Order 13587 from the National Counterintelligence and Security Center’s National Insider Threat Policy, which requires federal contractors to establish a program to detect, deter, and mitigate insider threats.
To protect the company’s Office 365 email and OneDrive file sharing, Jeff knew he needed protection beyond Microsoft’s native security capabilities. Specifically, he was looking to protect his users’ mailboxes from malware, ransomware, phishing, and compromised credentials. In fact, most of the malware he was seeing was reaching his users’ inboxes. He spent months evaluating every product he could find in the cloud security market, but found nothing that met his requirements. For OneDrive, he needed a way to ensure that sensitive information wasn’t used inappropriately by his employees or leaked externally.
Just days before the deadline, Jeff discovered Avanan. In just 15 minutes, he activated Check Point Antivirus and Sandblast Malware Sandboxing, Solebit Predictive Malware Protection, and Cyren Anti-Phishing.
The results were immediate and compelling enough for him to become another enthusiastic advocate of the Avanan platform. He recently spoke to CyberSecurityTV about his cloud security initiatives and included Avanan in his review. Here’s a 2-minute highlight reel from the conversation:
If you would like see firsthand how the Avanan platform can protect your organization from inadvertent insider threats from your users via malware, ransomware, phishing attacks, and data leakage, start your free trial today.