People are the most important aspect to securing network systems, yet they possess the ability to be the most vulnerable part of any highly secure system, according to Phil Fuster, vice president of sales at Proofpoint.
At MeriTalk’s Cyber Central – Secure by Design conference in Washington, D.C., on Oct. 27., Fuster stressed that organizations should be building a culture of cyber hygiene that has the idea of failure built into it as a possibility.
“Data doesn’t lose itself, people are generally involved in the loss of data. Most cyberattacks won’t succeed unless the person falls for it,” Fuster said. “Cybersecurity starts with training your people and building a risk-based framework and building a good culture in an organization.”
Fuster added that organizations should also be looking to build their cyber hygiene by moving away from having personnel that have access to a higher amount of data and more privileges.
“The more privilege a user has, the more risk they’re going to introduce in an organization. You really need to make hard decisions about who you give privileges to nowadays, the era of the super user is kind of going away. Because you need to know what data they have access to, you also need to build in protective measures to isolate those individuals that do have more privileges,” stated Fuster.
Fuster continued the conversation by explaining some of the things that Proofpoint has been working on when it comes to threat intelligence for its customers.
“We see about 26 percent of the world’s email. We have over a trillion-node network that collects data on attacks, so we have a lot of over-the-horizon threat intelligence we provide customers – but we also see threats from two-thirds of the world’s mobile devices,” stated Fuster.
Fuster concluded his conversation on threat detection and vulnerabilities to networks by adding that collaboration is a quintessential piece of cybersecurity.
“More collaboration between the different security providers is key. We have a network of companies that we work very closely with, whether it’s Splunk or CrowdStrike, or others in the industry. We do a lot of collaboration and the more vectors you have for that threat intelligence and the more advanced sharing you can do, the better we will protect our government,” stated Fuster.