When we think of insider threats, rogue or disgruntled employees may first come to mind, but the threat could be unintentional from your most loyal, faithful employees -- your executive team, investors, your CEO or even yourself.
How? Phishing attacks have become so pervasive and so compelling, that it’s presumably more likely that one or more of your well-meaning users fall for one of these spoofs, inadvertently granting their account access to an attacker. For example, just before the holidays, we discovered a phishing attack disguised as a FedEx delivery notification, prompting Office 365 users to click a link to track their package. Upon clicking the link, they were taken to a duplicate Office 365 login page, requesting the user’s ID and password. Upon submission, the user’s credentials were immediately provided to the attacker (read more here).
And if you think that Microsoft Office 365 or Gmail's native filters will catch these phishing attacks from reaching your users, think again.
Jeff Madsen, CTO of ALEX (Alternative Experts, LLC) faced a November 30, 2016 deadline to comply with Executive Order 13587 from the National Counterintelligence and Security Center’s National Insider Threat Policy – which requires federal contractors to establish a program to detect, deter and mitigate insider threats.
To protect the company’s Office 365 email and OneDrive file sharing, Jeff knew he needed protection beyond Microsoft’s native security capabilities. Specifically, he was looking to protect his users’ mailboxes from malware, ransomware, phishing and compromised credentials. In fact, most of the malware he was seeing was in fact, reaching his users’ inboxes. He spent months evaluating every product he could find in the ‘cloud security’ market, but found nothing that could meet his requirements. For OneDrive, he needed a way to ensure that sensitive information wasn’t being used inappropriately by his employees or getting leaked externally.
Fortunately, just days before the deadline, Jeff discovered Avanan and in just 15 minutes, he applied Check Point Antivirus and Sandblast Malware Sandboxing, Solebit Predictive Malware Protection and Cyren Anti-Phishing.
The results were immediate and compelling enough for him to become another enthusiastic advocate of the Avanan platform. He recently spoke to CyberSecurityTV about his cloud security initiatives and included Avanan in his review. Here’s a 2-minute highlight reel from the conversation.
If you would like see firsthand how the Avanan platform can protect your organization from inadvertent insider threats executed by your users via malware, ransomware, phishing attacks and data leakage, start your free trial today.