Cyber Security Landscape - Business Email Impersonation

Cyber Security Landscape

*** Attack Methods - Business Email Impersonation ***

A scammer sets up an email address that looks like its from your company

Then the scammer sends out messages using that email address. This practice is called spoofing, and the scammer is what we call a business email imposter

Scammers do this to get passwords and bank account numbers or to get someone to send them money. When this happens, your company has a lot to lose. Customers and partners might lose trust and take their business elsewhere — and your business could then lose money

Mapped Buisness Risks
Brand Damage	Data/Secret Loss	Service Disruption

Mapped Cyber Risks
Data Security / Loss	Extortion	Human Error	Identity/Password Protection

Mapped Mitigation Methods
Protect Data	Manage Risks, Compliance and Controls	Manage Threats & Vulnerabilities	Enable Visibility

Mapped Solution Categories
Third Party Risk	Application Security	Cloud Security	Data Security	DNS Security	Email Security
End-Point Security	Event Detection & Response	Risk & Compliance	iOT/OT Security	Logs Mgt	Mobile Security
Network Security	Privileged Access	Threat Analytics	Vulnerability / Attack Surface Detection	Web Security

Mapped Functions
Application Security Testing	Automated Security Controls Testing	Cloud Access Broker (inline)	Cloud Access Broker (API/OOB)	Cloud Container Security	Cloud Discovery
Cloud DLP (Inline)	Cloud DLP (API/OOB)	Cloud Infra-as-a-Service Security	Database Activity Monitoring (DAM)	Data Classification & Privacy	Data Encryption
Data Tokenization/Masking	DDoS Protection	Deception	User Device Mgt - Software/Patch (End-Point)	User Device Mgt - Software/Patch (Mobile)	Device Mgt -Software/Patch (Server)
Disk Encryption (End Point)	Enterprise DLP	DMARC Security	DNS Proxy (Off-Prem)	DNS Proxy (On-Prem)	Email Isolation
Email Behavior Analytics	Email Security Cleanup/Automation	Email Phishing Simulations	Email Threat/SPAM	Email User Warnings	Application Control (End Point)
User Device Registration (End-Point)	User Device Registration (Mobile)	Detect & Respond (EDR) (End-Point)	File Integrity (FIMM) (End-Point)	Media Control (End Point)	Next Gen AV (End-Point)
End-Point Protection (End-Point)	Incident Response Services	SIEM	External/Digital Risk Review	GRC	Access Mgt / SSO
Active Directory Behavior Analysis	Admin Server Access	API Mgt	Authentication/Directory	Customer Identity (CIAM)	End-Point Local Admin
Session Management	IOT Device Visibility	Logging Agent	Log Collector	Managed Hunting Services	Managed Security Services (MSS)
Mobile Application Reputation	Mobile Threat	Network Access Control (NAC)	Network Security Policy Auditor	Network Security Policy Orchestration	SSL Decryption
Network Tap	Cloud Network Threat Analytics	Network Based Threat Detection	Network Threat IPS E/W	Network Threat IPS N/S	Network Threat Sandbox E/W
Network Threat Sandbox N/S	ICS/OT Device Visibility	Password Vault	Security Automation (SOAR)	Security Ratings (Vendor & Supplier)	Micro-Segmentation
Network Firewall Segmentation (East/West)	Network Firewall Segmentation (North/South)	Threat Intelligence	URL Filtering (Off-Net)	URL Filtering (On-Net)	URL Filtering/Proxy (On-Net)
URL Filtering/Proxy (On-Net)	User Software Self Service (End-Point)	User Software Self Service (Mobile)	User-Application Access /Zero-Trust VPN	End-User VPN	Site-to-Site VPN
Vulnerability Scanning	Web Application Firewall (WAF)	Web Isolation

Mapped Products
Cyberark Alero	Okta Advanced Server Access

Mapped OEMs
Cyberark	Okta

Last Updated: 03202020-11:28:25