2026 Legislative Edition

traditional challenge questions easily. “Asking for PII doesn’t work anymore,” Passera says.

More recent verification methods, such as real-time video validation, where an individual displays their driver’s license on camera, are no longer foolproof. The rise of AI-powered deepfakes—highly realistic fabricated video or audio—presents a relatively new but growing challenge. Passera cites a reported example where a financial employee at a multinational firm in Hong Kong was asked to attend an internal video conference call. The call, however, was staged with deepfakes of senior officers, including the firm’s chief financial officer, who duped the employee into transferring $25 million to a surreptitious account.

These and various other forms of deception create a tricky balancing act for cybersecurity officials. More stringent verification processes increase security but can frustrate users and impede productivity, especially at government agencies that serve diverse populations or share information with other agencies.

Once a malicious actor gets their foot in the digital door, however, it’s just a matter of time before they gain wider access to an enterprise’s network and begin their exploits, like:

• Accessing sensitive data: Navigating file shares, databases or cloud storage containing citizen PII, financial records or confidential government information.
• Internal phishing: Leveraging the compromised account’s legitimacy to send phishing emails to colleagues, spreading the attack internally.
• Privilege escalation: Seeking ways to gain higher levels of administrative access.
• Data exfiltration: Copying and stealing sensitive information.
• Ransomware deployment: Encrypting critical systems and demanding payment.

“A service desk agent can change a password, reset credentials, manage multi-factor authentication (MFA) devices, and troubleshoot access issues. So, the service desk is a very valuable target for threat actors right now.”
– Pablo Passera, vice president of product management, Proofpoint

Shifting to a Human-Centric Defense

Since attackers are exploiting human trust and behavior, IT and security officials need to develop defensive strategies that are also human-centric. Adopting a human-centric security strategy involves taking several steps that yield a deeper, more granular understanding of user actions, context and inherent risks—particularly around email activity—rather than solely relying on technical controls, according to Passera and Witt. Their perspective is based on Proofpoint’s vast intelligence experience in monitoring 85% of the Fortune 100. Specifically, they recommend:

• Assessing who is at greater risk and deploying greater security controls around them. Witt points to three attributes to look for: high-profile individuals with a public persona, workers perceived to have access to valuable information and employees required to work with third-party systems.
• Investing in specialized training, especially for help desk staff. They need to understand the tactics used against them, recognize red flags in user requests (urgency, unusual demands, inconsistencies) and know the proper procedures for escalating suspicious interactions. Crucially, says Passera, “Service agents are not security experts.” Training must be practical, synthesized and equip them to identify anomalies without overwhelming them with technical security details.
• Re-evaluating identity verification processes with an understanding of current threats like PII exposure and deepfakes, balancing security with usability. The key is a layered approach, potentially incorporating risk signals. For example, a simple password reset might require less stringent verification than enrolling a new MFA device, especially if the request originates from an unusual location or follows other suspicious activity indicators.
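
An added example, not from the article or from Proofpoint: one way to express the layered, risk-signal approach to identity verification described above as a help desk decision function. The signals are the ones the article names; the tier names, baseline scores, weights and thresholds are illustrative assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):
    STANDARD = 1  # the desk's normal identity check
    STEP_UP = 2   # an additional, independent verification step
    ESCALATE = 3  # pause the request and follow the escalation procedure

# Assumed baseline per request type: enrolling a new MFA device starts
# higher than a simple password reset.
BASE = {"password_reset": 0, "mfa_enroll": 2}

# Assumed weights for the signals the article names.
WEIGHTS = {
    "unusual_location": 2, "prior_suspicious_activity": 2,   # request context
    "urgency": 1, "unusual_demand": 1, "inconsistency": 2,   # red flags in the request
    "public_persona": 1, "valuable_access": 1, "third_party_systems": 1,  # user attributes
}

@dataclass(frozen=True)
class Decision:
    tier: Tier
    score: int      # -1 means the input was not recognised
    reasons: tuple  # what drove the decision, for the ticket record

def decide(action, signals):
    """Map a help desk request and its observed signals to a verification tier."""
    signals = set(signals)
    # Fail closed: an unrecognised action or signal is treated as an anomaly.
    if action not in BASE or signals - set(WEIGHTS):
        return Decision(Tier.ESCALATE, -1, ("unrecognised input",))
    score = BASE[action] + sum(WEIGHTS[s] for s in signals)
    tier = Tier.ESCALATE if score >= 4 else Tier.STEP_UP if score >= 2 else Tier.STANDARD
    return Decision(tier, score, (action, *sorted(signals)))

# Constructed sample tickets, not data from the article.
TICKETS = [
    ("password_reset", []),
    ("password_reset", ["urgency", "public_persona"]),
    ("mfa_enroll", []),
    ("mfa_enroll", ["unusual_location"]),
    ("add_admin_role", []),  # not a known action, so it escalates
]

if __name__ == "__main__":
    for action, signals in TICKETS:
        d = decide(action, signals)
        print(f"{action:15} {sorted(signals)!s:35} -> {d.tier.name} (score {d.score})")
```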

Florida Technology Magazine – 2026 Legislative Edition
