© Concept Searching 2017
Eliminate the 49% of Documents that
Contain Data Breaches
Carla Mulley
Vice President of Marketing
Concept Searching
carlam@conceptsearching.com
www.conceptsearching.com
marketing@conceptsearching.com
Twitter @conceptsearch
John Challis
Founder and Chief Executive Officer
Concept Searching
johnc@conceptsearching.com
Carla Mulley – Vice President of Marketing at Concept
Searching has spent the past twenty years concentrating on
metadata, auto-classification, and taxonomy technologies.
She provides the strategic marketing direction and tactical
oversight of the Concept Searching product suites.
John Challis – Founder and Chief Executive Officer of
Concept Searching is an experienced entrepreneur, having had
success with several previous ventures involving the management
of unstructured data. He is the originator of the company’s
compound term processing technology and is the driving force
behind the product strategy.
Agenda
• Who we are and what we do
• Big and small picture
• Data breach targets
• Email
• Mobile security
• Ransomware
• Shadow IT
• Collaboration
• Provisioning
• SharePoint and Office 365
• Demo – Automatic identification of confidential information
• Recommendations
• Where we can help and case study
• Appendix – Ins and outs of hacking, common risks, security checklist
• Company founded in 2002
• Product launched in 2003
• Focus on management of structured and unstructured information
• Profitable, debt free
• Technology Platform
• Delivered as a web service
• Automatic concept identification, content tagging, auto-classification,
taxonomy management
• Only statistical vendor that can extract conceptual metadata
• 8 years KMWorld ‘100 Companies that Matter in Knowledge Management’
8 years KMWorld ‘Trend Setting Product’
• Authority to Operate enterprise wide US Air Force, NETCON US Army,
and Canadian SLSA
• Client base: Fortune 500/1000 organizations in Healthcare,
Financial Services, Manufacturing, Energy, Professional Services,
Pharmaceutical, Public sector and DoD
• Microsoft Gold Certification in Application Development
• Member of SharePoint PAC and TAP programs
• Deployed as a full trust Add-in for all versions of SharePoint on-premises
and SharePoint Online, including the latest vNext dedicated platform and the
government cloud
The Global Leader in
Managed Metadata Solutions
Concept Searching’s technology platforms deliver
semantic metadata generation, auto-classification and
taxonomy/Term Store management, and are fully
integrated with all versions of SharePoint on-premises,
Microsoft Online/Office 365, and OneDrive for Business
What Do We Do?
These infrastructure platforms integrate not only with
SharePoint but also other content repositories, search
engines and file shares, enabling our clients to add
structure and manage their enterprise content,
regardless of environment
The resulting classification metadata is used by clients
to deliver ‘intelligent metadata solutions’ in areas such
as enhanced search, migration, data privacy, records
management, policy enforcement, compliance, text
analytics, and business and social collaboration
A manual metadata approach will fail 95%+ of the time
Issue – Organizational Impact
• Inconsistent – Less than 50% of content is correctly indexed, meta-tagged or
efficiently searchable, rendering it unusable to the organization (IDC)
• Subjective – Highly trained information specialists will agree on meta tags between
33%-50% of the time (C. Cleverdon)
• Cumbersome, expensive – Average cost of manually tagging one item runs from $4-$7 per
document and does not factor in the accuracy of the meta tags nor the
repercussions from mistagged content (Hoovers)
• Malicious compliance – End users select first value in list
(Perspectives on Metadata, Sarah Courier)
• No perceived value for end user – What’s in it for me? End user creates document, does not see value
for organization nor risks associated with litigation and
non-conformance to policies
• What you have seen – Metadata will continue to be a problem due to inconsistent human
behavior
Automatic Multi-term Metadata Generation
Unique Approach – Compound Term Processing
• Remains unique in the industry
• Ability to identify and correctly weight
multi-word concepts in unstructured text
Concept Searching
provides Automatic
Concept Term Extraction
[Figure: Triple – Baseball, Three; Heart – Organ, Center; Bypass – Highway, Avoid]
“One third of people using a computer experienced some form of
web attack during 2016. Over 750,000 computers suffered from a
ransomware infection and the number is steadily increasing.”
Kaspersky Labs
The Changing Landscape of Digital Security
• Common thread is loss of control, trust does not equal
ownership
• All entities must be considered potentially hostile, including
users
• Huge number of resource combinations
• Context becomes critical in making real-time decisions
• Increasing ineffectiveness of traditional security controls,
firewall, anti-virus
• Need to shift up the security stack to protect information
• Extremely difficult to detect compromises
• Data breaches running 29% higher than last year (NewsFactor)
Some pundits say
“You are already infected – you just don’t know it”
The Costs
• Neustar study shows outages caused by DDoS led to
losses of between $50,000 and $100,000 per hour
• EMC study suggests data loss and downtime cost a total of
$1.7 trillion each year
• Volume of lost data has increased by 400%
• On average
• Businesses experienced 25 hours of unexpected
downtime
• 36% incurred revenue loss
• 34% had delays in product development
• Only 6% had a disaster recovery plan for big data, hybrid
cloud, and mobile
• Over 50% don’t have a plan for any of the above
• 62% consider these environments hard to protect
The Problem
• Nearly 1.4 billion data records were lost or stolen in 2016
• 68% of all breaches are caused by internal users
• 88% of those are due to negligence
• 80% use unsecure file sharing methods
• Average cost to recreate a record involved in a data breach is $217
• Hidden data in documents accounts for the highest number of exposures
• 94% of organizations believe their perimeter security is good enough
• 3 million records are ‘lost’ or stolen every day
• 75% of all breaches target small and medium businesses
• Black market value of stolen information is estimated at $120 billion
Repercussions
• The average cost of a data breach is $4 million
• The average cost of brand damage is $3.3 million – yes, on top of the $4 million
The Organization
What Is Your Manager Doing?
• 49% of managing directors and C-level executives have used a personal email
address to send sensitive business information
• 57% have left sensitive information on a shared printer
• 40% have sent information over an unsecured wireless network
• 43% have disposed of documents in a potentially unsecured trash bin
• 39% have lost business information in a public place
• But lower-level employees seem to be more aware of security compliance
• 29% said they left confidential information on a printer
• 15% have lost business information in a public place
(Opinion Matters Survey, commissioned by Iron Mountain)
• Executives were asked what was in place at their organization and why they
did not follow organizational procedures
• 21% of C-level executives said the processes are too complex and so
they evade them
• 14% said they don't follow company policies because they are too
complicated
• 6% responded they were unaware of their company's policies altogether
Why the Disconnect or Confusion?
And yet, in another survey speaking to executives,
“An overwhelming 85% of them told us they believe that cyberattacks
will become more frequent and costly over the next 12 months.”
Views from the C-Suite
“80% of hackers say YOU are the most responsible for data breaches.”
Thycotic User Conference
What Are You Doing?
• Productivity has flatlined, despite the digital workplace, and workers feel
• Disconnected
• Overwhelmed
• Productivity versus risk
• Internal data breaches account for 68% of all breaches
• Accidental, malicious, negligent
• Access to sensitive data has increased
• Includes privileged users – contractors, partners, vendors
• Can be as simple as taking files home to work on them
• Bring Your Own Device (BYOD) poses persistent challenges
• Distinctions between work and personal information kept on employee devices
is blurring
• Hazy or non-existent employer policies
• Poor user role in security and maintenance
• One in four security administrators abuse their rights
“Many businesses continue to prioritize perimeter security without realizing
it’s largely ineffective against sophisticated cyberattacks.”
Kaspersky Labs
Email
Security Challenges
• Business email phishing
• Spam/junk email is not good protection
• Ransomware on the rise
• Credential phishing – 91% start through
phishing and spear phishing (Mimecast)
• Malware – URLs and attachments
• Business email compromise (BEC)
• Bypassing ‘next generation’ defenses
• 12% click on malicious attachments
• Contextualized data as a priority to protect
• Poor education
92% of organizations have stolen
credentials for sale on the Dark Web
Top 10 Subject Lines Q2 2017
• Security Alert – 21%
• Revised Vacation & Sick Time Policy – 14%
• UPS Label Delivery
1ZBE312TNY00015011 – 10%
• BREAKING: United Airlines Passenger
Dies from Brain Hemorrhage VIDEO – 10%
• A Delivery Attempt Was Made – 10%
• All Employees: Update Healthcare
Information – 9%
• Change of Password Required Immediately
– 8%
• Password Check Required Immediately –
7%
• Unusual Sign-in Activity – 6%
• Urgent Action Required – 6%
(KnowBe4)
Ransomware
• 320,000 new samples of malware are
detected every day
• Mobile ransomware increasing
• 350% growth in the first quarter
• Costs estimated to exceed $5 billion
in 2017
• Money and information
• Size of company is irrelevant
• Some viruses act behind the
scenes and are active for years
on a system
• Growth of zero day exploits
• Growth of APTs
• 91% of attacks start through phishing
• Highly sophisticated perpetrators
• Threat intelligence service
Mobile Security
• Vast majority of end users rely on mobile devices
• IT teams are typically not yet prepared
• 58% of users said mobile access improves efficiency and productivity
• 37% said this is very important
• What should security provide?
• Threat detection, analysis, remediation, network attacks, malicious apps,
noncompliant apps, vulnerabilities, compromised device operating systems
• 67% of IT pros say they have probably already been breached (Ponemon Institute)
• 64% of IT leaders say it is very likely that sensitive corporate data is present on
their employees’ mobile devices (ESG)
Must move beyond ‘mobile security management’
to actual mobile security products
Shadow IT
• Increases risk of data loss and compromise
• 71% using applications not sanctioned by IT
• Whack-a-mole approach
• A typical enterprise uses more than 1,427 cloud
services, of which 90% are not enterprise
ready (Netskope Cloud Report)
• 23.7% growth
• Only 8.1% meet requirements of Skyhigh’s Cloud
Trust Program
• Growing use of cloud access security brokers (CASB)
• Particularly useful for shadow IT, where operating
units want to manage their own security policies
• Netskope and Skyhigh Networks
Collaboration
• Lack of policies when collaborating
• Productivity versus security
• Accidental exposures
• Receipt of files not intended for recipient
• Lack of adherence to policies, such as deletion
• Cloud-based file sharing policies – Dropbox, Box
• Temporary workers, contractors, third parties, partners, internal users
• Sharing of files by users unauthorized to see them, including external recipients
• Operating environment security features not used, to protect data and define
roles for users
• Confidentiality determined by document owner
• The average company is using 61 distinct file sharing services and 174
collaboration services
Provisioning – Oops, You Don’t Work Here Any More?
• 20% said failure to deprovision has led to a data breach
• 48% of respondents are aware of former employees who still have access to
corporate applications
• 50% say ex-employees’ accounts remain active once they have left the company
• 25% of respondents take more than a week to deprovision a former employee
• 25% said they don’t know how long accounts remain active once an employee
has left the company
• 44% of respondents are not confident that former employees have been removed
from corporate networks at all (OneLogin Survey)
SharePoint and Office 365
• 50% of SharePoint organizations have
experienced a data breach (Ponemon/Metalogix)
• 22% may have experienced a data breach but
can’t confirm it
• Employees, third party contractors, and partners
are the main source of breaches
• 63% do not feel they have full visibility of where
sensitive data is located
• 17.4% of documents in OneDrive contain
sensitive information (not removed)
• Lack of training, audits, and appropriate
technologies
• Cyber criminals are persistent
• 100,000 attempts (failed logins) from 67 IPs
and 12 networks, targeting 48 customers’
Office 365 accounts
Reference Material
Skyhigh Networks
How to Enhance the Security
of Office 365
Top Seven Office 365
Security Use Cases for a
CASB
Office 365 Adoption and Risk
Report
The Definitive Guide to Office
365 Security
What to Rethink – Dangerous Assumptions
Rethinking Security
• 40% of organizations think their ISP will protect the
organization from DDoS attacks
• 30% think their data center or infrastructure partners
will provide protection from a cybersecurity attack
• Organizations think their cloud providers can protect
against ‘smart attacks’, which use encryption or
mimic end user behavior
• 30% don’t do anything because they don’t feel it will
happen to them
If you think these things too, then go to the back of the class – all of them are
erroneous statements, the risk is on you
Security Checklist
• A security assessment can identify vulnerabilities and create a roadmap for bolstering
network protection
• By securing mail and internet gateways, IT can automatically detect malware, isolate
threats, and keep users off watering hole sites
• Endpoints are secure when IT has firm control over applications and enforces data
policies for removable media and devices – IT can also deploy robust malware
protection, surfing controls, and dynamic application whitelisting
• By deploying an analysis engine in combination with sensors throughout a network, IT
can evaluate suspicious objects, identify concealed threats that have already
penetrated, and maintain a real-time view of incoming threats
• Mobile devices are less likely to introduce infections when they utilize a browser
optimized for security and are safely isolated from corporate data and applications
• Strong system configuration and patch management capabilities help eliminate
vulnerabilities quickly and maintain tight control over software throughout the network
• An advanced sandbox isolates suspicious objects and creates a safe environment for
detonation and observation
• Incident response experts – in-house or from a security vendor – can investigate
suspicious objects and activities and mitigate persistent threats deployed on a network
Recurring Themes
There is no simple solution, but most cybercrimes, whether by hackers or your
employees, are generated internally – the organization can control and can prevent
• Priorities – is it going to be productivity or security? (Balanced?)
• Education and training – ongoing and frequent
• Identify and secure confidential information
• Put policies and processes in place and ENFORCE – provisioning
• Control Shadow IT
• Regardless of whether BYOD – secure mobile communications
• Secure all devices that communicate with the organization
• Backup, backup, backup
• Watch for lateral movement
• Get the right tools to all secure end points
• Yes, it’s going to mean money, but it cost Nivea $41.5 million and as of
August, from June, the plants were still not up and running
In 2017, Boeing disclosed a breach involving personal information for
36,000 employees. The cause? An employee forwarded a document to his
spouse.
A disgruntled former IT admin for Georgia-Pacific, a paper manufacturer
that employs 350,000 people, wreaked havoc in 2014 by using a VPN to
access company servers. The admin installed his own software and
proceeded to cause an estimated $1.1 million of damage.
In 2016, a SaskPower employee accessed the personal information of
more than 4,000 past and present employees. SaskPower rightfully
reported the incident as a privacy breach to the Saskatchewan Information
and Privacy Commissioner. The company encountered negative headlines
for weeks, underwent an extensive investigation, amended its code of
conduct, and implemented new training and policies.
BetterCloud
Where We Can Help
• Eliminate end user tagging and automatically identify and protect
privacy and confidential information
• Rapidly deployed workflows, to protect content from compromises
and vulnerabilities, remove from access and prevent portability
• Increase scans of Exchange when a data breach is most likely
to occur, reducing risk and potential breaches
• Scan OneDrive for Business in real time, file shares, and any third party
software – Box, OpenText Content Suite
• Deploy secure collaboration preventing access and sharing of
confidential content located within the document
• Solutions can also be deployed to improve search, records
management, secure collaboration, compliance, information
governance, ECM, enterprise metadata repository, eDiscovery,
migration, knowledge management, and text analytics and mining
Case Study – Automatic Tagging, Policy, and Governance
The US Air Force deployed the technologies to implement data privacy
protection processes and after five years has not had a data breach
Situation:
• Budget of $6.9 Billion
• Over 60,000 users
• Runs 75 hospitals and clinics providing care to more than 2.6 million
beneficiaries
Challenge:
• Data Privacy
• Intelligent Migration
• Before and after
• Records Management
• 72,000 Site Collections, 5,300 retention codes, classify 200,000
documents per hour with minimum resources (Proof of Concept)
Solution:
• conceptClassifier for SharePoint
Benefits:
• Automatic tagging based on organizational vocabulary and descriptors
• Automatic routing and the ability to change the SharePoint content type
• Eliminated manual tagging, removes from unauthorized access and
portability
• No security exposures or breaches in 11 years, since deployed
Next Expert Webinar
Healthcare at a Crossroads – A New Solution to an Old Problem
Wednesday, October 18th 2017
Join Concept Searching to see a radically different way to view all aspects
of a patient, in one unified view.
Trusted healthcare information is often hard to find. Our concept-based
searching enables dramatic changes to the way information is typically
found.
Incorrectly tagged content and inaccessible information can jeopardize
someone’s life. We provide the tools you need to perform.
Read more and register in the Upcoming Webinars area of our website.
Thank You
Appendix
Handy Guide to the
Ins and Outs of Hacking
When Do We Get Hacked? Stay Home on Thursdays
Malicious attachment message volume spikes more than 38% on Thursdays over the
average weekday volume – these weekday targeting trends appear to be global
• Malicious URL message volume is more evenly distributed across weekdays
• Tuesday and Thursday remain the top days for sending malicious URL messages,
the main vector for credential phishing attacks
• Weekends are still low-volume days for email-borne threats
• URL message volume does not drop off as significantly as attachments
• More regional variation for URL campaigns by day of the week – of regions
examined, sending days for Europe diverged the most from the US and Canada
• Thursday is the clear peak day, accounting for 20.2% of weekday message
volume
• Tuesday is next at 17.6%. Monday, Wednesday, and Friday are roughly equal at
about 15% each
Recommendation: Adopt defensive solutions that can protect your users from the full
range of email-based attacks, seven days a week. The solutions should have the
capacity to handle the highest message volume days without impeding performance
or sacrificing effectiveness.
When Do We Get Hacked? Malware – Work Nights
Thursday isn’t just for throwbacks: malware categories vary distribution by day of the
week. Malware delivery times tend to be consistent every week, though with crucial
differences between malware types and delivery vectors.
• Campaigns that use malicious attachments arrive at the beginning of the business day
and drop off sharply after 4-5 hours
• Those that use malicious URLs arrive more evenly throughout
the day. Threat actors time message delivery to maximize their impact.
• Information stealers arrive early in the week when they can collect the most
information
• Ransomware and point of sale (POS) Trojans arrive later in the week when security
teams have less time to detect and mitigate infections before the weekend. Malicious
URL message volume is more evenly distributed across weekdays
Recommendation: Organizations should increase monitoring for the presence of
malware in their environment in the second half of the business week. And they
should deploy automated incident response solutions that enable them to quickly
resolve security incidents and mitigate threats in hours rather than days.
When Do We Get Hacked? Malware – Don’t Eat Lunch
• Working lunch? Clicking lunch. Attackers understand when recipients are most likely to
click on malicious messages and optimize their campaigns.
• Activity increases quickly with the start of the business day and peaks around 4-5
hours after that, right around lunchtime
• This pattern is largely consistent across other regions. Users in the US, Canada,
and Australia follow this trend most closely, while French clicking peaks around
1pm
• On the other hand, Swiss and German users don’t wait for lunch to click, their
clicks peak in the first hours of the working day
• UK workers pace their clicking evenly over the course of the day, with a clear drop
in activity after 2pm
Recommendation: Deploy solutions that can protect users regardless of where they
are reading and clicking on malicious messages, whether that’s at their desks in the
morning or on their smartphones over lunch.
When Do We Get Hacked? Trojans, Credential Stealers,
Keyloggers, and POS – Just Stay Home
• While Wednesday is the peak day for banking Trojans, credential stealer campaigners
favor Thursday
• Downloaders are spread relatively evenly across Monday through Thursday
• The numbers for lower-volume malware show even clearer preferences in sending
days
• Keyloggers and backdoors favor Mondays. The number of Monday campaigns for
backdoors is 68% greater than the Tuesday-through-Thursday average
• The Monday bias of keyloggers is even more pronounced: more than twice as
many keylogger campaigns are sent on Mondays as the Tuesday-through-
Thursday average
• Point of sale (POS) campaigns are sent almost exclusively on Thursdays or Fridays,
with 80% of 2016 campaigns occurring on one of those two days
When Do We Get Hacked? Go Fishing not Phishing
• Phishing scale and effectiveness – in 2016, the five most common lures were almost
unchanged – delivery volume does not correlate to click rates
• Phishing messages designed to steal Apple IDs were the most sent, but Google Drive
phishing links were the most clicked
• Accounts used to share files and images, such as Google Drive, Adobe Creative
Cloud, and Dropbox, are the most effective lures – these messages made up less than
24% of the message volume among the top ten lures but were the most effective as
measured by click rates
• Pronounced difference in the lures and effectiveness between the large and small
credential phishing campaigns
• While social media lures don’t make a huge statistical dent in our threat data, they can
still be effective in smaller, more targeted campaigns
• Document sharing lures, meanwhile, are consistently effective, so popular with
attackers, in both large and small campaigns
• Smaller campaigns drive a higher click rate than large campaigns – that makes quickly
detecting and mitigating them crucial
When Do We Get Hacked? Go Fishing not Phishing
Recommendation: Teaching employees to beware of the latest and most effective
phishing lures is important. But attackers can change lures, payloads, and any other
aspect of their campaigns overnight. Deploy solutions that can detect a variety of
credential phishing attacks through a combination of proactive and real-time URL
sandboxing in emails.
The 2016 data proved yet again that every organization clicks: 4.6% of malicious
URLs are clicked across all industries and organizations. As in past years, some
industries click more than others. Industries that “move atoms” – for example,
construction and mining – click more often on malicious URLs than digital-era
industries that “move bits.”
When Do We Get Hacked? Business Email Compromise –
Don’t Open Your Email
Business email compromise (BEC): exploiting the human factor
• Rise of BEC attacks highlights the growth of attack techniques that shift the burden of
action from an automated exploit or tool to a human
• Three quarters of our worldwide customer base experienced at least one BEC attack
attempt in the last three months of 2016
• This growth was reflected in the rise of BEC relative to banking Trojans in
financial fraud attacks between 2015 and 2016
• BEC is a new type of threat, but attackers are already evolving their techniques in
the face of increased user awareness and automated defenses
• BEC attackers often would send spoofed messages to the CFO of a targeted
company, purportedly from the CEO
• While CEO impersonation, or spoofing, continues in BEC attacks, cyber criminals
are increasingly targeting victims deeper within organizations
• Attacks are shifting beyond the CEO-CFO relationship, targeting the CEO’s
relationship with other employee groups – they might target accounts payable for
wire transfer fraud, engineering to steal intellectual property, and human
resources to get confidential tax and identity information
When Do We Get Hacked? Don’t Use Your Cell Phone
• Almost 90% of clicks on malicious URLs occur within 24 hours after they’re delivered
• These messages have their greatest impact the day they arrive: 87% of clicks occur
within first 24 hours of delivery
• Almost half of clicks occur within an hour after the message arrived
• And a quarter of clicks occur just 10 minutes after arrival. The median time-to-click –
the time between arrival and click – is shortest during business hours: from 8am to
3pm EDT in the US and Canada
• The median time-to-click is less than 1 hour, a pattern that generally holds for the UK
and Europe as well
When Do We Get Hacked? There’s Always One in the Crowd
– Meet TA530
Spear-phishing at scale: mass personalization automates social engineering
• 2016 saw typically small, highly targeted campaigns with carefully crafted lures
• Exception – prolific actor dubbed TA530
• High degree of personalization and clever social engineering present in their
campaigns exploited the human factor at scale
• TA530 distributed a wide range of malware for other cyber criminals
• Used LinkedIn, Salesforce.com
• Tens of thousands of thousands of people (POS)
• Tricked even savvy users into opening attachments
• Used email lures and document attachments
• Unprecedented legitimacy to emails
• That scale exposed large numbers of users to banking Trojans, information stealers,
and more, by tricking users into opening attachments and running malicious code
When Do We Get Hacked? Threat Landscape – It Ain’t Pretty
Dramatic shifts in the threat landscape that started in 2015 continued throughout 2016 and
into 2017
• Traffic for traditional exploit kits dropped by more than 94% in 2016, driven by factors
ranging from law enforcement action to the increasing rarity of viable exploits
• Ransomware explosion
When Do We Get Hacked? Threat Landscape – Conclusion
• Social media is now an integral part of an attacker’s arsenal, with a 150% increase in
angler phishing attacks as more brands and industries are targeted in these schemes
• Phishing campaigns moved to new channels in 2016, including mobile devices
• Targets of these attacks will often receive SMS and email instructions asking for
account credentials
• Employees clicked on malicious links in SMS messages at a rate of 42% during
2016, compared to the long-running rate of 20%
• Human targeted attacks continued to lead the pack in 2016 – attackers used
automation and personalization to increase the volume and click-through rates
• Cyber criminals are adopting marketing best practices and sending their
campaigns on Tuesdays and Thursdays, when click-through rates are higher
• Meanwhile, BEC and credential phishing attacks target the human factor directly –
no technical exploits needed – instead, they use social engineering to persuade
victims into sending money, sensitive information, and account credentials
Timing is everything – attackers know that hitting your employees with a well-crafted
email at just the right time produces the best results
Source: The Human Factor 2017, Proofpoint
What Are the Most Common Risks?
• Password complexity – if a company states that every password must begin with a
digit and have five letters, it is giving a hacker a hint about what should be the first
key of the password
• If everything is done over SSL and you think you’re safe, guess what, you’re not
• Don’t think your organization is too small to get hacked – it isn’t
• Just because an organization is compliant, doesn’t mean it is secure – it may have
done nothing to secure the network and overall security operations
• Don’t think the digital world is the same as the physical world – the digital world has
no boundaries, geography doesn’t matter.
• Trust, in both people and solutions, doesn’t actually exist in the digital world – you
can have confidence in a system, but don’t become complacent
• Protection has to move closer to the assets it is trying to protect, and away from
trying to identify who committed the crime

The 2018 Enterprise Cloud Trends ReportibossCyber
 
How to Integrate Data and Protect Privacy
How to Integrate Data and Protect PrivacyHow to Integrate Data and Protect Privacy
How to Integrate Data and Protect PrivacyDATAVERSITY
 
Big data security
Big data securityBig data security
Big data securityAnne ndolo
 
Attivio Big Data Survey
Attivio Big Data SurveyAttivio Big Data Survey
Attivio Big Data SurveyJane Zupan
 
5 ways your business can stay safe - and take off
5 ways your business can stay safe - and take off5 ways your business can stay safe - and take off
5 ways your business can stay safe - and take offTom Mellish
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsRobert 'Bob' Reyes
 
Maximum Impact with Interactive Video
Maximum Impact with Interactive VideoMaximum Impact with Interactive Video
Maximum Impact with Interactive VideoAllison Selby
 

Mais procurados (19)

From Near to Maturity - Presentation to European Data Forum
From Near to Maturity - Presentation to European Data ForumFrom Near to Maturity - Presentation to European Data Forum
From Near to Maturity - Presentation to European Data Forum
 
Planning Information Governance and Litigation Readiness
Planning Information Governance and Litigation ReadinessPlanning Information Governance and Litigation Readiness
Planning Information Governance and Litigation Readiness
 
Enterprise Encryption and Authentication Usage: Survey Report
Enterprise Encryption and Authentication Usage: Survey ReportEnterprise Encryption and Authentication Usage: Survey Report
Enterprise Encryption and Authentication Usage: Survey Report
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
SIM IT Trends Study 2013 - SIMposium Session
SIM IT Trends Study 2013 - SIMposium SessionSIM IT Trends Study 2013 - SIMposium Session
SIM IT Trends Study 2013 - SIMposium Session
 
AIIM and Vamosa - Practical Cosniderations when Implementing ECM
AIIM and Vamosa - Practical Cosniderations when Implementing ECMAIIM and Vamosa - Practical Cosniderations when Implementing ECM
AIIM and Vamosa - Practical Cosniderations when Implementing ECM
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
Information Governance
Information GovernanceInformation Governance
Information Governance
 
IT Security Risks Survey 2014
IT Security Risks Survey 2014IT Security Risks Survey 2014
IT Security Risks Survey 2014
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of  Personal (PII) DataDAMA Webinar: The Data Governance of  Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 
What is Content Analytics
What is Content AnalyticsWhat is Content Analytics
What is Content Analytics
 
The 2018 Enterprise Cloud Trends Report
The 2018 Enterprise Cloud Trends ReportThe 2018 Enterprise Cloud Trends Report
The 2018 Enterprise Cloud Trends Report
 
How to Integrate Data and Protect Privacy
How to Integrate Data and Protect PrivacyHow to Integrate Data and Protect Privacy
How to Integrate Data and Protect Privacy
 
Big data security
Big data securityBig data security
Big data security
 
Attivio Big Data Survey
Attivio Big Data SurveyAttivio Big Data Survey
Attivio Big Data Survey
 
5 ways your business can stay safe - and take off
5 ways your business can stay safe - and take off5 ways your business can stay safe - and take off
5 ways your business can stay safe - and take off
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act Brings
 
Maximum Impact with Interactive Video
Maximum Impact with Interactive VideoMaximum Impact with Interactive Video
Maximum Impact with Interactive Video
 

Semelhante a Eliminate the 49% of Documents that Contain Data Breaches Webinar

Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarConcept Searching, Inc
 
Why Most Migration Projects Fail – Don’t Be a Statistic Webinar
Why Most Migration Projects Fail – Don’t Be a Statistic WebinarWhy Most Migration Projects Fail – Don’t Be a Statistic Webinar
Why Most Migration Projects Fail – Don’t Be a Statistic WebinarConcept Searching, Inc
 
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?Concept Searching, Inc
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on Track
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on TrackYour AI and ML Projects Are Failing – Key Steps to Get Them Back on Track
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on TrackPrecisely
 
Change Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarChange Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarConcept Searching, Inc
 
Data Profiling: The First Step to Big Data Quality
Data Profiling: The First Step to Big Data QualityData Profiling: The First Step to Big Data Quality
Data Profiling: The First Step to Big Data QualityPrecisely
 
Why Use Add ins with SharePoint and SharePoint Online? Webinar
Why Use Add ins with SharePoint and SharePoint Online? WebinarWhy Use Add ins with SharePoint and SharePoint Online? Webinar
Why Use Add ins with SharePoint and SharePoint Online? WebinarConcept Searching, Inc
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...Steven Callahan
 
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...Concept Searching, Inc
 
DataSpryng Overview
DataSpryng OverviewDataSpryng Overview
DataSpryng Overviewjkvr
 
Reduce Your Taxonomy Deployment Time from Months to Weeks Webinar
Reduce Your Taxonomy Deployment Time from Months to Weeks WebinarReduce Your Taxonomy Deployment Time from Months to Weeks Webinar
Reduce Your Taxonomy Deployment Time from Months to Weeks WebinarConcept Searching, Inc
 
Metadata Matters: Business Critical Metadata
Metadata Matters: Business Critical MetadataMetadata Matters: Business Critical Metadata
Metadata Matters: Business Critical MetadataConcept Searching, Inc
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the CloudOnRamp
 
Getting Knowledge Transfer Right Enterprise Wide Webinar
Getting Knowledge Transfer Right Enterprise Wide WebinarGetting Knowledge Transfer Right Enterprise Wide Webinar
Getting Knowledge Transfer Right Enterprise Wide WebinarConcept Searching, Inc
 
Concept Searching Webinar P
Concept Searching Webinar PConcept Searching Webinar P
Concept Searching Webinar PPaul_Billingham
 
How to Get Enterprise Search Right Webinar
How to Get Enterprise Search Right WebinarHow to Get Enterprise Search Right Webinar
How to Get Enterprise Search Right WebinarConcept Searching, Inc
 
Data Governance in a big data era
Data Governance in a big data eraData Governance in a big data era
Data Governance in a big data eraPieter De Leenheer
 

Semelhante a Eliminate the 49% of Documents that Contain Data Breaches Webinar (20)

Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
 
Why Most Migration Projects Fail – Don’t Be a Statistic Webinar
Why Most Migration Projects Fail – Don’t Be a Statistic WebinarWhy Most Migration Projects Fail – Don’t Be a Statistic Webinar
Why Most Migration Projects Fail – Don’t Be a Statistic Webinar
 
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?
Compliance, Security, Migration, Systems Management – All Fixed by Microsoft?
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on Track
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on TrackYour AI and ML Projects Are Failing – Key Steps to Get Them Back on Track
Your AI and ML Projects Are Failing – Key Steps to Get Them Back on Track
 
Change Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarChange Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 Webinar
 
Data Profiling: The First Step to Big Data Quality
Data Profiling: The First Step to Big Data QualityData Profiling: The First Step to Big Data Quality
Data Profiling: The First Step to Big Data Quality
 
Why Use Add ins with SharePoint and SharePoint Online? Webinar
Why Use Add ins with SharePoint and SharePoint Online? WebinarWhy Use Add ins with SharePoint and SharePoint Online? Webinar
Why Use Add ins with SharePoint and SharePoint Online? Webinar
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security Model
 
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...
20140826 I&T Webinar_The Proliferation of Data - Finding Meaning Amidst the N...
 
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...
Eliminating End User Tagging – Minimizing Organizational Risk and Improving B...
 
DataSpryng Overview
DataSpryng OverviewDataSpryng Overview
DataSpryng Overview
 
Reduce Your Taxonomy Deployment Time from Months to Weeks Webinar
Reduce Your Taxonomy Deployment Time from Months to Weeks WebinarReduce Your Taxonomy Deployment Time from Months to Weeks Webinar
Reduce Your Taxonomy Deployment Time from Months to Weeks Webinar
 
Metadata Matters: Business Critical Metadata
Metadata Matters: Business Critical MetadataMetadata Matters: Business Critical Metadata
Metadata Matters: Business Critical Metadata
 
HITRUST CSF in the Cloud
HITRUST CSF in the CloudHITRUST CSF in the Cloud
HITRUST CSF in the Cloud
 
Getting Knowledge Transfer Right Enterprise Wide Webinar
Getting Knowledge Transfer Right Enterprise Wide WebinarGetting Knowledge Transfer Right Enterprise Wide Webinar
Getting Knowledge Transfer Right Enterprise Wide Webinar
 
Concept Searching Webinar P
Concept Searching Webinar PConcept Searching Webinar P
Concept Searching Webinar P
 
How to Get Enterprise Search Right Webinar
How to Get Enterprise Search Right WebinarHow to Get Enterprise Search Right Webinar
How to Get Enterprise Search Right Webinar
 
Data Governance in a big data era
Data Governance in a big data eraData Governance in a big data era
Data Governance in a big data era
 

Mais de Concept Searching, Inc

ARMA NOVA’s Auto-Categorization Showcase
ARMA NOVA’s Auto-Categorization Showcase ARMA NOVA’s Auto-Categorization Showcase
ARMA NOVA’s Auto-Categorization Showcase Concept Searching, Inc
 
Why You Need Metadata-Driven Records Management Webinar
Why You Need Metadata-Driven Records Management WebinarWhy You Need Metadata-Driven Records Management Webinar
Why You Need Metadata-Driven Records Management WebinarConcept Searching, Inc
 
Using Metadata and Classification in Records Management
Using Metadata and Classification in Records ManagementUsing Metadata and Classification in Records Management
Using Metadata and Classification in Records ManagementConcept Searching, Inc
 
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...Concept Searching, Inc
 
Drowning in Data and Starving for Information
Drowning in Dataand Starving for InformationDrowning in Dataand Starving for Information
Drowning in Data and Starving for InformationConcept Searching, Inc
 
Why You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementWhy You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementConcept Searching, Inc
 
Metadata-Driven Cleanup of Files, Content, and Email Webinar
Metadata-Driven Cleanup of Files, Content, and Email WebinarMetadata-Driven Cleanup of Files, Content, and Email Webinar
Metadata-Driven Cleanup of Files, Content, and Email WebinarConcept Searching, Inc
 
Going Meta – How to use Metadata in SharePoint
Going Meta – How to use Metadata in SharePointGoing Meta – How to use Metadata in SharePoint
Going Meta – How to use Metadata in SharePointConcept Searching, Inc
 
Why You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementWhy You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementConcept Searching, Inc
 
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance WebinarEnough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance WebinarConcept Searching, Inc
 
Going Meta in SharePoint – Tricks of the Trade
Going Meta in SharePoint – Tricks of the TradeGoing Meta in SharePoint – Tricks of the Trade
Going Meta in SharePoint – Tricks of the TradeConcept Searching, Inc
 
Using Metadata-Driven Taxonomies to Solve Business Problems
Using Metadata-Driven Taxonomies to Solve Business ProblemsUsing Metadata-Driven Taxonomies to Solve Business Problems
Using Metadata-Driven Taxonomies to Solve Business ProblemsConcept Searching, Inc
 
What You Don’t Know May Hurt You – Achieving Insight and Knowledge Discovery
What You Don’t Know May Hurt You – Achieving Insight and Knowledge DiscoveryWhat You Don’t Know May Hurt You – Achieving Insight and Knowledge Discovery
What You Don’t Know May Hurt You – Achieving Insight and Knowledge DiscoveryConcept Searching, Inc
 
Going Meta – How to Use Metadata in SharePoint and Office 365
Going Meta – How to Use Metadata in SharePoint and Office 365Going Meta – How to Use Metadata in SharePoint and Office 365
Going Meta – How to Use Metadata in SharePoint and Office 365Concept Searching, Inc
 
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...Concept Searching, Inc
 
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...Concept Searching, Inc
 
ECM or CLM? A Fight to the Finish Webinar
ECM or CLM? A Fight to the Finish WebinarECM or CLM? A Fight to the Finish Webinar
ECM or CLM? A Fight to the Finish WebinarConcept Searching, Inc
 
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...Concept Searching, Inc
 
Collaboration Can Be Dangerous Webinar
Collaboration Can Be Dangerous WebinarCollaboration Can Be Dangerous Webinar
Collaboration Can Be Dangerous WebinarConcept Searching, Inc
 
Groundbreaking and Game-changing Enterprise Search Webinar
Groundbreaking and Game-changing Enterprise Search WebinarGroundbreaking and Game-changing Enterprise Search Webinar
Groundbreaking and Game-changing Enterprise Search WebinarConcept Searching, Inc
 

Mais de Concept Searching, Inc (20)

ARMA NOVA’s Auto-Categorization Showcase
ARMA NOVA’s Auto-Categorization Showcase ARMA NOVA’s Auto-Categorization Showcase
ARMA NOVA’s Auto-Categorization Showcase
 
Why You Need Metadata-Driven Records Management Webinar
Why You Need Metadata-Driven Records Management WebinarWhy You Need Metadata-Driven Records Management Webinar
Why You Need Metadata-Driven Records Management Webinar
 
Using Metadata and Classification in Records Management
Using Metadata and Classification in Records ManagementUsing Metadata and Classification in Records Management
Using Metadata and Classification in Records Management
 
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...
FEDSPUG Meeting: Intelligent Metadata and Auto-classification in Records Mana...
 
Drowning in Data and Starving for Information
Drowning in Dataand Starving for InformationDrowning in Dataand Starving for Information
Drowning in Data and Starving for Information
 
Why You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementWhy You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records Management
 
Metadata-Driven Cleanup of Files, Content, and Email Webinar
Metadata-Driven Cleanup of Files, Content, and Email WebinarMetadata-Driven Cleanup of Files, Content, and Email Webinar
Metadata-Driven Cleanup of Files, Content, and Email Webinar
 
Going Meta – How to use Metadata in SharePoint
Going Meta – How to use Metadata in SharePointGoing Meta – How to use Metadata in SharePoint
Going Meta – How to use Metadata in SharePoint
 
Why You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records ManagementWhy You Need Intelligent Metadata and Auto-classification in Records Management
Why You Need Intelligent Metadata and Auto-classification in Records Management
 
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance WebinarEnough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
 
Going Meta in SharePoint – Tricks of the Trade
Going Meta in SharePoint – Tricks of the TradeGoing Meta in SharePoint – Tricks of the Trade
Going Meta in SharePoint – Tricks of the Trade
 
Using Metadata-Driven Taxonomies to Solve Business Problems
Using Metadata-Driven Taxonomies to Solve Business ProblemsUsing Metadata-Driven Taxonomies to Solve Business Problems
Using Metadata-Driven Taxonomies to Solve Business Problems
 
What You Don’t Know May Hurt You – Achieving Insight and Knowledge Discovery
What You Don’t Know May Hurt You – Achieving Insight and Knowledge DiscoveryWhat You Don’t Know May Hurt You – Achieving Insight and Knowledge Discovery
What You Don’t Know May Hurt You – Achieving Insight and Knowledge Discovery
 
Going Meta – How to Use Metadata in SharePoint and Office 365
Going Meta – How to Use Metadata in SharePoint and Office 365Going Meta – How to Use Metadata in SharePoint and Office 365
Going Meta – How to Use Metadata in SharePoint and Office 365
 
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...
SharePoint Saturday Toronto - Going Meta – How to Use Metadata in SharePoint ...
 
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...
SharePoint Saturday London - The Nuts and Bolts of Metadata Tagging and Taxon...
 
ECM or CLM? A Fight to the Finish Webinar
ECM or CLM? A Fight to the Finish WebinarECM or CLM? A Fight to the Finish Webinar
ECM or CLM? A Fight to the Finish Webinar
 
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...
ARMA Calgary Spring Seminar: The Nuts and Bolts of Metadata Tagging and Taxon...
 
Collaboration Can Be Dangerous Webinar
Collaboration Can Be Dangerous WebinarCollaboration Can Be Dangerous Webinar
Collaboration Can Be Dangerous Webinar
 
Groundbreaking and Game-changing Enterprise Search Webinar
Groundbreaking and Game-changing Enterprise Search WebinarGroundbreaking and Game-changing Enterprise Search Webinar
Groundbreaking and Game-changing Enterprise Search Webinar
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Eliminate the 49% of Documents that Contain Data Breaches Webinar

  • 1. © Concept Searching 2017 Eliminate the 49% of Documents that Contain Data Breaches Carla Mulley Vice President of Marketing Concept Searching carlam@conceptsearching.com www.conceptsearching.com marketing@conceptsearching.com Twitter @conceptsearch John Challis Founder and Chief Executive Officer Concept Searching johnc@conceptsearching.com
  • 2. © Concept Searching 2017 Carla Mulley – Vice President of Marketing at Concept Searching has spent the past twenty years concentrating on metadata, auto-classification, and taxonomy technologies. She provides the strategic marketing direction and tactical oversight of the Concept Searching product suites. John Challis – Founder and Chief Executive Officer of Concept Searching is an experienced entrepreneur, having had success with several previous ventures involving the management of unstructured data. He is the originator of the company’s compound term processing technology and is the driving force behind the product strategy.
  • 3. © Concept Searching 2017 Agenda • Who we are and what we do • Big and small picture • Data breach targets • Email • Mobile security • Ransomware • Shadow IT • Collaboration • Provisioning • SharePoint and Office 365 • Demo – Automatic identification of confidential information • Recommendations • Where we can help and case study • Appendix – Ins and outs of hacking, common risks, security checklist
  • 4. © Concept Searching 2017 • Company founded in 2002 • Product launched in 2003 • Focus on management of structured and unstructured information • Profitable, debt free • Technology Platform • Delivered as a web service • Automatic concept identification, content tagging, auto-classification, taxonomy management • Only statistical vendor that can extract conceptual metadata • 8 years KMWorld ‘100 Companies that Matter in Knowledge Management’ 8 years KMWorld ‘Trend Setting Product’ • Authority to Operate enterprise wide US Air Force, NETCON US Army, and Canadian SLSA • Client base: Fortune 500/1000 organizations in Healthcare, Financial Services, Manufacturing, Energy, Professional Services, Pharmaceutical, Public sector and DoD • Microsoft Gold Certification in Application Development • Member of SharePoint PAC and TAP programs • Deployed as a full trust Add-in for all versions of SharePoint on-premises and SharePoint Online, including the latest vNext dedicated platform and the government cloud The Global Leader in Managed Metadata Solutions
  • 5. © Concept Searching 2017 Concept Searching’s technology platforms deliver semantic metadata generation, auto-classification and taxonomy/Term Store management, and are fully integrated with all versions of SharePoint on-premises, Microsoft Online/Office 365, and OneDrive for Business What Do We Do? These infrastructure platforms integrate not only with SharePoint but also other content repositories, search engines and file shares, enabling our clients to add structure and manage their enterprise content, regardless of environment The resulting classification metadata is used by clients to deliver ‘intelligent metadata solutions’ in areas such as enhanced search, migration, data privacy, records management, policy enforcement, compliance, text analytics, and business and social collaboration
  • 6. © Concept Searching 2017 A manual metadata approach will fail 95%+ of the time
    Issue | Organizational Impact
    Inconsistent | Less than 50% of content is correctly indexed, meta-tagged or efficiently searchable rendering it unusable to the organization (IDC)
    Subjective | Highly trained information specialists will agree on meta tags between 33%-50% of the time (C. Cleverdon)
    Cumbersome – expensive | Average cost of manually tagging one item runs from $4-$7 per document and does not factor in the accuracy of the meta tags nor the repercussions from mistagged content (Hoovers)
    Malicious compliance | End users select first value in list (Perspectives on Metadata, Sarah Courier)
    No perceived value for end user | What’s in it for me? End user creates document, does not see value for organization nor risks associated with litigation and non-conformance to policies
    What you have seen | Metadata will continue to be a problem due to inconsistent human behavior
    Automatic Multi-term Metadata Generation
  • 7. © Concept Searching 2017 Unique Approach – Compound Term Processing • Remains unique in the industry • Ability to identify and correctly weight multi-word concepts in unstructured text 7 Concept Searching provides Automatic Concept Term Extraction Triple Baseball Three Heart Organ Center Bypass Highway Avoid
  • 8. © Concept Searching 2017 “One third of people using a computer experienced some form of web attack during 2016. Over 750,000 computers suffered from a ransomware infection and the number is steadily increasing.” Kaspersky Labs
  • 9. © Concept Searching 2017 The Changing Landscape of Digital Security • Common thread is loss of control, trust does not equal ownership • All entities must be considered potentially hostile, including users • Huge number of resource combinations • Context becomes critical in making real-time decisions • Increasing ineffectiveness of traditional security controls, firewall, anti-virus • Need to shift up the security stack to protect information • Extremely difficult to detect compromises • Data breaches running 29% higher than last year (NewsFactor) Some pundits say “You are already infected – you just don’t know it”
  • 10. © Concept Searching 2017 • Neustar study shows outages caused by DDoS led to losses of between $50,000 and $100,000 per hour • EMC study suggests data loss and downtime cost a total of $1.7 trillion each year • Volume of lost data has increased by 400% • On average • Businesses experienced 25 hours of unexpected downtime • 36% incurred revenue loss • 34% had delays in product development • Only 6% had a disaster recovery plan for big data, hybrid cloud, and mobile • Over 50% don’t have a plan for any of the above • 62% consider these environments hard to protect The Costs
  • 11. © Concept Searching 2017 The Problem • Nearly 1.4 billion data records were lost or stolen in 2016 • 68% of all breaches are caused by internal users • 88% of those are due to negligence • 80% use unsecure file sharing methods • Average cost to recreate a record involved in a data breach is $217 • Hidden data in documents accounts for the highest number of exposures • 94% of organizations believe their perimeter security is good enough • 3 million records are ‘lost’ or stolen every day • 75% of all breaches target small and medium businesses • Black market value of stolen information is estimated at $120 billion Repercussions • The average cost of a data breach is $4 million • The average cost of brand damage is $3.3 million – yes, on top of the $4 million The Organization
  • 12. © Concept Searching 2017 What Is Your Manager Doing? • 49% of managing directors and C-level executives have used a personal email address to send sensitive business information • 57% have left sensitive information on a shared printer • 40% have sent information over an unsecured wireless network • 43% have disposed of documents in a potentially unsecured trash bin • 39% have lost business information in a public place • But lower-level employees seem to be more aware of security compliance • 29% said they left confidential information on a printer • 15% have lost business information in a public place (Opinion Matters Survey, commissioned by Iron Mountain)
  • 13. © Concept Searching 2017 • Executives were asked what was in place at their organization and why they did not follow organizational procedures • 21% of C-level executives said the processes are too complex and so they evade them • 14% said they don't follow company policies because they are too complicated • 6% responded they were unaware of their company's policies altogether Why the Disconnect or Confusion? And yet, in another survey speaking to executives, “An overwhelming 85% of them told us they believe that cyberattacks will become more frequent and costly over the next 12 months.” Views from the C-Suite
  • 14. © Concept Searching 2017 “80% of hackers say YOU are the most responsible for data breaches.” Thycotic User Conference
  • 15. © Concept Searching 2017 What Are You Doing? • Productivity has flatlined, despite the digital workplace, and workers feel • Disconnected • Overwhelmed • Productivity versus risk • Internal data breaches account for 68% of all breaches • Accidental, malicious, negligent • Access to sensitive data has increased • Includes privileged users – contractors, partners, vendors • Can be as simple as taking files home to work on them • Bring Your Own Device (BYOD) poses persistent challenges • Distinctions between work and personal information kept on employee devices are blurring • Hazy or non-existent employer policies • Poor user role in security and maintenance • One in four security administrators abuse their rights
  • 16. © Concept Searching 2017 “Many businesses continue to prioritize perimeter security without realizing it’s largely ineffective against sophisticated cyberattacks.” Kaspersky Labs
  • 17. © Concept Searching 2017 Email Security Challenges • Business email phishing • Spam/junk email is not good protection • Ransomware on the rise • Credential phishing – 91% start through phishing and spear phishing (Mimecast) • Malware – URLs and attachments • Business email compromise (BEC) • Bypassing ‘next generation’ defenses • 12% click on malicious attachments • Contextualized data as a priority to protect • Poor education 92% of organizations have stolen credentials for sale on the Dark Web Top 10 Subject Lines Q2 2017 • Security Alert – 21% • Revised Vacation & Sick Time Policy – 14% • UPS Label Delivery 1ZBE312TNY00015011 – 10% • BREAKING: United Airlines Passenger Dies from Brain Hemorrhage VIDEO – 10% • A Delivery Attempt Was Made – 10% • All Employees: Update Healthcare Information – 9% • Change of Password Required Immediately – 8% • Password Check Required Immediately – 7% • Unusual Sign-in Activity – 6% • Urgent Action Required – 6% (KnowBe4)
  • 18. © Concept Searching 2017 Ransomware • 320,000 new samples of malware are detected every day • Mobile ransomware increasing • 350% growth in the first quarter • Costs estimated to exceed $5 billion in 2017 • Money and information • Size of company is irrelevant • Some viruses act behind the scenes and are active for years on a system • Growth of zero day exploits • Growth of APTs • 91% of attacks start through phishing • Highly sophisticated perpetrators • Threat intelligence service
  • 19. © Concept Searching 2017 Mobile Security • Vast majority of end users rely on mobile devices • IT teams are typically not yet prepared • 58% of users said mobile access improves efficiency and productivity • 37% said this is very important • What should security provide? • Threat detection, analysis, remediation, network attacks, malicious apps, noncompliant apps, vulnerabilities, compromised device operating systems • 67% of IT pros say they have probably already been breached (Ponemon Institute) • 64% of IT leaders say it is very likely that sensitive corporate data is present on their employees’ mobile devices (ESG) Must move beyond ‘mobile security management’ to actual mobile security products
  • 20. © Concept Searching 2017 Shadow IT • Increases risk of data loss and compromise • 71% using applications not sanctioned by IT • Whack-a-mole approach • A typical enterprise uses more than 1,427 cloud services, of which 90% are not enterprise ready (Netskope Cloud Report) • 23.7% growth • Only 8.1% meet requirements of Skyhigh’s Cloud Trust Program • Growing use of cloud access security brokers (CASB) • Particularly useful for shadow IT, where operating units want to manage their own security policies • Netskope and Skyhigh Networks
  • 21. © Concept Searching 2017 Collaboration • Lack of policies when collaborating • Productivity versus security • Accidental exposures • Receipt of files not intended for recipient • Lack of adherence to policies, such as deletion • Cloud-based file sharing policies – Dropbox, Box • Temporary workers, contractors, third parties, partners, internal users • Sharing of files by users unauthorized to see them, including external recipients • Operating environment security features not used, to protect data and define roles for users • Confidentiality determined by document owner • The average company is using 61 distinct file sharing services and 174 collaboration services
  • 22. © Concept Searching 2017 Provisioning – Oops, You Don’t Work Here Any More? • 20% said failure to deprovision has led to a data breach • 48% of respondents are aware of former employees who still have access to corporate applications • 50% say ex-employees’ accounts remain active once they have left the company • 25% of respondents take more than a week to deprovision a former employee • 25% said they don’t know how long accounts remain active once an employee has left the company • 44% of respondents are not confident that former employees have been removed from corporate networks at all (OneLogin Survey)
  • 23. © Concept Searching 2017 SharePoint and Office 365 • 50% of SharePoint organizations have experienced a data breach (Ponemon/Metalogix) • 22% may have experienced a data breach but can’t confirm it • Employees, third party contractors, and partners are the main source of breaches • 63% do not feel they have full visibility of where sensitive data is located • 17.4% of documents in OneDrive contain sensitive information (not removed) • Lack of training, audits, and appropriate technologies • Cyber criminals are persistent • 100,000 attempts (failed logins) from 67 IPs and 12 networks, targeting 48 customers’ Office 365 accounts Reference Material Skyhigh Networks How to Enhance the Security of Office 365 Top Seven Office 365 Security Use Cases for a CASB Office 365 Adoption and Risk Report The Definitive Guide to Office 365 Security
  • 25. © Concept Searching 2017 What to Rethink – Dangerous Assumptions Rethinking Security • 40% of organizations think their ISP will protect the organization from DDoS attacks • 30% think their data center or infrastructure partners will provide protection from a cybersecurity attack • Organizations think their cloud providers can protect against ‘smart attacks’, which use encryption or mimic end user behavior • 30% don’t do anything because they don’t feel it will happen to them If you think these things too, then go to the back of the class – all of them are erroneous statements, the risk is on you
  • 26. © Concept Searching 2017 Security Checklist • A security assessment can identify vulnerabilities and create a roadmap for bolstering network protection • By securing mail and internet gateways, IT can automatically detect malware, isolate threats, and keep users off watering hole sites • Endpoints are secure when IT has firm control over applications and enforces data policies for removable media and devices – IT can also deploy robust malware protection, surfing controls, and dynamic application whitelisting • By deploying an analysis engine in combination with sensors throughout a network, IT can evaluate suspicious objects, identify concealed threats that have already penetrated, and maintain a real-time view of incoming threats • Mobile devices are less likely to introduce infections when they utilize a browser optimized for security and are safely isolated from corporate data and applications • Strong system configuration and patch management capabilities help eliminate vulnerabilities quickly and maintain tight control over software throughout the network • An advanced sandbox isolates suspicious objects and creates a safe environment for detonation and observation • Incident response experts – in-house or from a security vendor – can investigate suspicious objects and activities and mitigate persistent threats deployed on a network
  • 27. © Concept Searching 2017 Recurring Themes There is no simple solution, but most cybercrimes, whether by hackers or your employees, are generated internally – the organization can control and prevent them • Priorities – is it going to be productivity or security? (Balanced?) • Education and training – ongoing and frequent • Identify and secure confidential information • Put policies and processes in place and ENFORCE – provisioning • Control Shadow IT • Regardless of whether BYOD – secure mobile communications • Secure all devices that communicate with the organization • Backup, backup, backup • Watch for lateral movement • Get the right tools to secure all end points • Yes, it’s going to mean money, but it cost Nivea $41.5 million and as of August, from June, the plants were still not up and running
  • 28. © Concept Searching 2017 In 2017, Boeing disclosed a breach involving personal information for 36,000 employees. The cause? An employee forwarded a document to his spouse. A disgruntled former IT admin for Georgia-Pacific, a paper manufacturer that employs 350,000 people, wreaked havoc in 2014 by using a VPN to access company servers. The admin installed his own software and proceeded to cause an estimated $1.1 million of damage. In 2016, a SaskPower employee accessed the personal information of more than 4,000 past and present employees. SaskPower rightfully reported the incident as a privacy breach to the Saskatchewan Information and Privacy Commissioner. The company encountered negative headlines for weeks, underwent an extensive investigation, amended its code of conduct, and implemented new training and policies. BetterCloud
  • 29. © Concept Searching 2017 Where We Can Help • Eliminate end user tagging and automatically identify and protect privacy and confidential information • Rapidly deployed workflows, to protect content from compromises and vulnerabilities, remove from access and prevent portability • Increase scans of Exchange when a data breach is most likely to occur, reducing risk and potential breaches • Scan OneDrive for Business in real time, file shares, and any third party software – Box, OpenText Content Suite • Deploy secure collaboration preventing access and sharing of confidential content located within the document • Solutions can also be deployed to improve search, records management, secure collaboration, compliance, information governance, ECM, enterprise metadata repository, eDiscovery, migration, knowledge management, and text analytics and mining
  • 30. © Concept Searching 2017 Situation: • Budget of $6.9 Billion • Over 60,000 users • Runs 75 hospitals and clinics providing care to more than 2.6 million beneficiaries Challenge: • Data Privacy • Intelligent Migration • Before and after • Records Management • 72,000 Site Collections, 5,300 retention codes, classify 200,000 documents per hour with minimum resources (Proof of Concept) Solution: • conceptClassifier for SharePoint Benefits: • Automatic tagging based on organizational vocabulary and descriptors • Automatic routing and the ability to change the SharePoint content type • Eliminated manual tagging, removes from unauthorized access and portability • No security exposures or breaches in 11 years, since deployed The US Air Force deployed the technologies to implement data privacy protection processes and after five years has not had a data breach Case Study – Automatic Tagging, Policy, and Governance
  • 31. © Concept Searching 2017 Next Expert Webinar Healthcare at a Crossroads – A New Solution to an Old Problem Wednesday, October 18th 2017 Register Join Concept Searching to see a radically different way to view all aspects of a patient, in one unified view. Trusted healthcare information is often hard to find. Our concept-based searching enables dramatic changes to the way information is typically found. Incorrectly tagged content and inaccessible information can jeopardize someone’s life. We provide the tools you need to perform. Read more and register in the Upcoming Webinars area of our website.
  • 32. © Concept Searching 2017 Thank You Carla Mulley Vice President of Marketing Concept Searching carlam@conceptsearching.com www.conceptsearching.com marketing@conceptsearching.com Twitter @conceptsearch John Challis Founder and Chief Executive Officer Concept Searching johnc@conceptsearching.com
  • 33. © Concept Searching 2017 Appendix Handy Guide to the Ins and Outs of Hacking
  • 34. © Concept Searching 2017 When Do We Get Hacked? Stay Home on Thursdays Malicious attachment message volume spikes more than 38% on Thursdays over the average weekday volume – these weekday targeting trends appear to be global • Malicious URL message volume is more evenly distributed across weekdays • Tuesday and Thursday remain the top days for sending malicious URL messages, the main vector for credential phishing attacks • Weekends are still low-volume days for email-borne threats • URL message volume does not drop off as significantly as attachments • More regional variation for URL campaigns by day of the week – of regions examined, sending days for Europe diverged the most from the US and Canada • Thursday is the clear peak day, accounting for 20.2% of weekday message volume • Tuesday is next at 17.6%. Monday, Wednesday, and Friday are roughly equal at about 15% each Recommendation: Adopt defensive solutions that can protect your users from the full range of email-based attacks, seven days a week. The solutions should have the capacity to handle the highest message volume days without impeding performance or sacrificing effectiveness.
  • 35. © Concept Searching 2017 When Do We Get Hacked? Malware – Work Nights Thursday isn’t just for throwbacks: malware categories vary distribution by day of the week. Malware delivery times tend to be consistent every week, though with crucial differences between malware types and delivery vectors. • Campaigns that use malicious attachments arrive at the beginning of the business day and drop off sharply after 4-5 hours • Those that use malicious URLs arrive more evenly throughout the day. Threat actors time message delivery to maximize their impact. • Information stealers arrive early in the week when they can collect the most information • Ransomware and point of sale (POS) Trojans arrive later in the week when security teams have less time to detect and mitigate infections before the weekend. Malicious URL message volume is more evenly distributed across weekdays Recommendation: Organizations should increase monitoring for the presence of malware in their environment in the second half of the business week. And they should deploy automated incident response solutions that enable them to quickly resolve security incidents and mitigate threats in hours rather than days.
  • 36. © Concept Searching 2017 When Do We Get Hacked? Malware – Don’t Eat Lunch • Working lunch? Clicking lunch. Attackers understand when recipients are most likely to click on malicious messages and optimize their campaigns. • Activity increases quickly with the start of the business day and peaks around 4-5 hours after that, right around lunchtime • This pattern is largely consistent across other regions. Users in the US, Canada, and Australia follow this trend most closely, while French clicking peaks around 1pm • On the other hand, Swiss and German users don’t wait for lunch to click, their clicks peak in the first hours of the working day • UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2pm Recommendation: Deploy solutions that can protect users regardless of where they are reading and clicking on malicious messages, whether that’s at their desks in the morning or on their smartphones over lunch.
  • 37. © Concept Searching 2017 When Do We Get Hacked? Trojans, Credential Stealers, Keyloggers, and POS – Just Stay Home • While Wednesday is the peak day for banking Trojans, credential stealer campaigners favor Thursday • Downloaders are spread relatively evenly across Monday through Thursday • The numbers for lower-volume malware show even clearer preferences in sending days • Keyloggers and backdoors favor Mondays. The number of Monday campaigns for backdoors is 68% greater than the Tuesday-through-Thursday average • The Monday bias of keyloggers is even more pronounced, more than twice as many keylogger campaigns send on Mondays than the Tuesday-through- Thursday average • Point of sale (POS) campaigns are sent almost exclusively on Thursdays or Fridays, with 80% of 2016 campaigns occurring on one of those two days
  • 38. © Concept Searching 2017 When Do We Get Hacked? Go Fishing not Phishing • Phishing scale and effectiveness – in 2016, the five most common lures were almost unchanged – delivery volume does not correlate to click rates • Phishing messages designed to steal Apple IDs were the most sent, but Google Drive phishing links were the most clicked • Accounts used to share files and images, such as Google Drive, Adobe Creative Cloud, and Dropbox, are the most effective lures – these messages made up less than 24% of the message volume among the top ten lures but were the most effective as measured by click rates • Pronounced difference in the lures and effectiveness between the large and small credential phishing campaigns • While social media lures don’t make a huge statistical dent in our threat data, they can still be effective in smaller, more targeted campaigns • Document sharing lures, meanwhile, are consistently effective, so popular with attackers, in both large and small campaigns • Smaller campaigns drive a higher click rate than large campaigns – that makes quickly detecting and mitigating them crucial
  • 39. © Concept Searching 2017 When Do We Get Hacked? Go Fishing not Phishing Recommendation: Teaching employees to beware of the latest and most effective phishing lures is important. But attackers can change lures, payloads, and any other aspect of their campaigns overnight. Deploy solutions that can detect a variety of credential phishing attacks through a combination of proactive and real-time URL sandboxing in emails. The 2016 data proved yet again that every organization clicks: 4.6% of malicious URLs are clicked across all industries and organizations. As in past years, some industries click more than others. Industries that “move atoms” – for example, construction and mining – click more often on malicious URLs than digital-era industries that “move bits.”
  • 40. © Concept Searching 2017 When Do We Get Hacked? Business Email Compromise – Don’t Open Your Email Business email compromise (BEC): exploiting the human factor • Rise of BEC attacks highlights the growth of attack techniques that shift the burden of action from an automated exploit or tool to a human • Three quarters of our worldwide customer base experienced at least one BEC attack attempt in the last three months of 2016 • This growth was reflected in the rise of BEC relative to banking Trojans in financial fraud attacks between 2015 and 2016 • BEC is a new type of threat, but attackers are already evolving their techniques in the face of increased user awareness and automated defenses • BEC attackers often would send spoofed messages to the CFO of a targeted company, purportedly from the CEO • While CEO impersonation, or spoofing, continues in BEC attacks, cyber criminals are increasingly targeting victims deeper within organizations • Attacks are shifting beyond the CEO-CFO relationship, targeting the CEO’s relationship with other employee groups – they might target accounts payable for wire transfer fraud, engineering to steal intellectual property, and human resources to get confidential tax and identity information
  • 41. When Do We Get Hacked? Don’t Use Your Cell Phone
    • Almost 90% of clicks on malicious URLs occur within 24 hours after they’re delivered
    • These messages have their greatest impact the day they arrive: 87% of clicks occur within the first 24 hours of delivery
    • Almost half of clicks occur within an hour after the message arrives
    • And a quarter of clicks occur just 10 minutes after arrival
    • The median time-to-click – the time between arrival and click – is shortest during business hours: from 8am to 3pm EDT in the US and Canada
    • The median time-to-click is less than 1 hour, a pattern that generally holds for the UK and Europe as well
  • 42. When Do We Get Hacked? There’s Always One in the Crowd – Meet TA530
    Spear-phishing at scale: mass personalization automates social engineering
    • 2016 saw typically small, highly targeted campaigns with carefully crafted lures
    • Exception – prolific actor dubbed TA530
    • High degree of personalization and clever social engineering present in their campaigns exploited the human factor at scale
    • TA530 distributed a wide range of malware for other cyber criminals
    • Used LinkedIn, Salesforce.com
    • Tens of thousands of thousands of people (POS)
    • Tricked even savvy users into opening attachments
    • Used email lures and document attachments
    • Unprecedented legitimacy to emails
    • That scale exposed large numbers of users to banking Trojans, information stealers, and more, by tricking users into opening attachments and running malicious code
  • 43. When Do We Get Hacked? Threat Landscape – It Ain’t Pretty
    Dramatic shifts in the threat landscape that started in 2015 continued throughout 2016 and into 2017
    • Traffic for traditional exploit kits dropped by more than 94% in 2016, driven by factors ranging from law enforcement action to the increasing rarity of viable exploits
    • Ransomware explosion
  • 44. When Do We Get Hacked? Threat Landscape – Conclusion
    • Social media is now an integral part of an attacker’s arsenal, with a 150% increase in angler phishing attacks as more brands and industries are targeted in these schemes
    • Phishing campaigns moved to new channels in 2016, including mobile devices
    • Targets of these attacks will often receive SMS and email instructions asking for account credentials
    • Employees who received SMS messages with malicious links clicked at a rate of 42% during 2016, compared to the long-running rate of 20%
    • Human-targeted attacks continued to lead the pack in 2016 – attackers used automation and personalization to increase the volume and click-through rates
    • Cyber criminals are adopting marketing best practices and sending their campaigns on Tuesdays and Thursdays, when click-through rates are higher
    • Meanwhile, BEC and credential phishing attacks target the human factor directly – no technical exploits needed – instead, they use social engineering to persuade victims to send money, sensitive information, and account credentials
    Timing is everything – attackers know that hitting your employees with a well-crafted email at just the right time produces the best results
    Source: The Human Factor 2017, Proofpoint
  • 45. What Are the Most Common Risks?
    • Password complexity – if a company states that every password must begin with a digit and have five letters, it is giving a hacker a hint about what the first character of the password should be
    • If everything is done over SSL and you think you’re safe, guess what, you’re not
    • Don’t think your organization is too small to get hacked – it isn’t
    • Just because an organization is compliant doesn’t mean it is secure – it may have done nothing to secure the network and overall security operations
    • Don’t think the digital world is the same as the physical world – the digital world has no boundaries, geography doesn’t matter
    • Trust, in both people and solutions, doesn’t actually exist in the digital world – you can have confidence in a system, but don’t become complacent
    • Protection has to move closer to the assets it is trying to protect, and away from trying to identify who committed the crime
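
The CEO-impersonation pattern on the BEC slide (slide 40) leaves traces in message headers that a mail filter can check. The following is an added example, not part of the original deck or of the Proofpoint report; the domain `corp.example`, the executive list, the flag names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's domain and its executives.
ORG_DOMAIN = "corp.example"
EXECUTIVES = {"jane doe": "jane.doe@corp.example"}  # display name -> real address

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return the BEC indicators present in one message's headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    # Executive's display name on an address that is not the executive's.
    real = EXECUTIVES.get(" ".join(name.lower().split()))
    if real and addr != real:
        flags.append("exec-name-on-other-address")
    # Replies routed to a different domain than the sender's.
    if reply_to and reply_to.rpartition("@")[2] != domain:
        flags.append("reply-to-domain-mismatch")
    # Sender domain one or two edits away from the organisation's own.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    return flags

# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "genuine": "From: Jane Doe <jane.doe@corp.example>\nSubject: Q3\n\nHi",
    "spoofed": 'From: "Jane Doe" <ceo.office@mailer.test>\n'
               "Reply-To: jane.doe@inbox.invalid\nSubject: Wire today\n\nUrgent",
    "lookalike": "From: Jane Doe <jane.doe@c0rp.example>\nSubject: W-2s\n\nSend",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_flags(raw))
```

Header checks like these complement, rather than replace, sender authentication results; a message that raises any flag is a candidate for a warning banner or out-of-band confirmation before money or data is sent.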