Safetech Proofpoint Webinar: From Inbox to Incident — Rethinking Cybersecurity from the Perspective of Human Risk

Safetech Proofpoint Webinar: From Inbox to Incident — Rethinking Cybersecurity from the Perspective of Human Risk

Even though a good part of communication and collaboration has moved to channels such as Teams or WhatsApp, email remains the main attack vector, being the gateway for over 90% of major security incidents. The recent webinar organized by Safetech Innovations put under the magnifying glass an uncomfortable reality for many organizations: although investments in technical solutions such as firewall or antivirus are increasing, attackers have found a simpler way to get past the perimeter – the human factor. The role of this event was to present an integrated, human-centric approach that prevents modern attacks before they cause irreparable damage.

The webinar was held by Marinel Staiu, Cybersecurity Presales Engineer at Safetech Innovations.

The paradox of “awareness and malware-free attacks”

A current challenge for most organizations is the inefficiency of traditional training programs. The statistics for 2024 are alarming: 71% of employees admit to having taken at least one risky action in the last year (clicking on an unknown link, downloading a suspicious file), but the really serious part is that 96% of them knew, at the time of the action, that what they were doing was dangerous.

This gap between knowledge and behavior shows that theoretical education is no longer enough. The attackers no longer rely only on ignorance, but on fatigue, routine and urgency. Moreover, modern Business Email Compromise (BEC) or QR Phishing (Quishing) attacks are often technically “clean” – they do not contain malware, but are purely based on psychological manipulation and impersonation, thus being invisible to classic security filters.

Intelligent Human Risk Management (Proofpoint ZenGuide)

The solution presented to combat these vulnerabilities is the ZenGuide platform. Unlike the annual “tick and forget” courses, ZenGuide proposes a dynamic methodology called DICE (Detect, Intervene, Change, Evaluate). The goal is to transform the employee from a weak link into an active security “sensor”.

A critical point in this strategy is the identification of risk profiles. Marinel Staiu stressed the importance of prioritizing training efforts according to the real threats targeting the organization:

“People are no longer just end users but an active attack surface. But people are not the problem, but part of the solution, if they are approached correctly. Instead of treating security generically, through the concept of Very Attacked People we identify exactly those users who represent an increased risk to the organization, either in terms of their attractive role for attackers or through the history of incidents. If we treated these people the same as a user who is only targeted once a year, we would completely miss the prioritization of resources; ZenGuide allows us to tailor the intervention exactly where the risk is real and imminent.”

Through this concept of Very Attacked People (VAP), the platform allows IT teams to focus educational resources on the most frequently targeted people, providing them with a higher level of protection and awareness than the rest of the organization.

Technical barrier and Nexus AI

Education must be supported by technology capable of “seeing” what the human eye misses. Proofpoint Core Email Protection acts as a state-of-the-art filter, powered by the Nexus AI engine. It analyzes trillions of emails globally, learning not only to recognize known viruses, but to understand the context, the relationship between sender and recipient, and the intent behind the message.

This expanded visibility is essential to stop sophisticated QR Phishing attacks, where the threat is hidden in an image (QR code) that standard filters ignore. Nexus AI uses Computer Vision technologies to scan the destination of the QR code and block access if it leads to a phishing page.

From technology to behavior

A major benefit is the interconnectivity between the two solutions. Security no longer works in silos (the technical part versus the HR part). When Core Email Protection detects a new attack, the information is instantly transmitted to ZenGuide to adapt the educational materials. Regarding this strategic benefit of integration, Marinel Staiu concluded: “The biggest benefit of Proofpoint is the removal of barriers between technical and educational effort: real attacks blocked by Core Email Protection automatically become teaching material in ZenGuide. This integration not only dramatically reduces the volume of malicious messages reaching employees, but also decreases the pressure on the security team, automating incident response and turning awareness from a formality into an active security check.”

This automation means that instead of the security team (SOC) wasting hours manually investigating spam reports, the system automatically triages and delivers “micro-learning” courses (1-3 minutes) only to those users who have interacted with similar messages.

DEMO: Localized Content and Phishing Simulation

A particularly relevant aspect for organizations in Romania is localization. The ZenGuide platform provides over 1,300 resources in Romanian, ensuring that the security message is correctly understood by all employees, regardless of their level of technical or linguistic expertise.

The live demonstration during the webinar showed how simple a phishing simulation campaign can be. From templates that mimic corporate benefits (e.g., free ChatGPT Plus account) to fake alerts from the HR department, the platform allows you to test employee reactions in a controlled environment. The results are collected in complex dashboards that measure not only the click-through rate, but also the rate of correct reporting of the incident, providing a “human risk score” that management can monitor over time.

Compliance: NIS2 and ISO 27001

In an increasingly rigorous legislative context, the implementation of these solutions directly responds to the requirements of regulations such as the NIS2 Directive or the ISO 27001 standard. They no longer require only the existence of a security policy on paper, but clear evidence of continuous training, adapted to current threats and based on concrete behavioral data. ZenGuide provides the necessary audit reports to demonstrate the company’s operational maturity in front of regulators.

Proofpoint through Safetech

What differentiates Safetech in the market is its ability to offer Proofpoint solutions (ZenGuide and Core Email Protection) in a complete managed services model. This means that Safetech’s experts can take care of setting up platforms, launching simulations, analyzing alerts, and optimizing security rules, allowing customers to benefit from enterprise-grade protection without overloading internal IT teams.

The solutions presented in the webinar are immediately available for Demo and Proof of Concept, with Safetech providing full support for their integration into existing infrastructures, including support for understanding risk data and customizing training programs for each customer’s specific context.

The full recording of the webinar is available at: https://youtu.be/_lNCEU3YDx4 .