author photo
By Bruce Sussman
Fri | Mar 1, 2019 | 7:05 AM PST

Have you heard of the Attack Index, which was created for cybersecurity leaders and teams?

It turns out there is one, and it's a way of integrating people-centric security along with your InfoSec technology.

We came across the Attack Index as our team was doing research for the upcoming SecureWorld web conference on Identifying and Protecting Your Very Attacked Persons, which draws on Proofpoint's 2019 State of the Phish report.

How the Attack Index works

The Index works by looking at several factors in a weighted formula. Two examples: Which members of your organization are targets of cyber attacks most often? What is the sophistication of those attacks and the threat actors behind them? 

The end result is your employee Attack Index.

Ryan Kalember, Senior VP of Cybersecurity Strategy for Proofpoint, says, “Through the Attack Index, security teams can easily identify their VAPs (Very Attacked Persons) and put in place a plan to better secure those users.”

5 benefits of an Attack Index

What kinds of things does this help with? Proofpoint claims the following are benefits:

  1. Easily identify the most attacked people in the organization, a viewpoint that was not previously possible
  2. Implement different policies and controls for different employees based on how they are being targeted
  3. Identify the most malicious threats targeting their organization and specific employees via the Threat Severity Scoring system
  4. Use the VAP viewpoint and the targeted functions within their organization to communicate risk to senior management and the Board of Directors in a concise and clear way

We'll hear more about this Index, along with details on which roles within an organization are most likely to be targeted in phishing attacks, during our upcoming Protecting Your Very Attacked Persons web conference, which you can watch live on March 13th at 1 p.m. ET or on-demand after the live webinar has concluded.