He also recommends whitelisting, which means maintaining a simple list of applications that have been granted permission to run by the user or an administrator. When an application tries to execute, it is automatically checked against the list and allowed to run only if it is found there. "It's a safer way to protect endpoints from getting infected," Sjouwerman says.
Verizon calls for a three-point approach to protecting employees from phishing scams: better e-mail filtering before messages arrive in users' inboxes, a security awareness program, and improved detection and response capabilities.
Proofpoint executives say information security policy and practices must pay special attention to non-executive employees, where most of the compromises will originate. Security teams should also develop granular policies and defenses for departments that are particularly vulnerable.