Skip to main content

People are still the biggest security threat

(Image credit: Startup Stock Photos / Pixabay)

New research from Proofpoint has revealed that more than 99 percent of cyberattacks require human interaction to execute.

To compile its Human Factor report, the cybersecurity firm conducted an 18-month analysis of data collected across its global customer base. Vice president of Threat Operations for Proofpoint, Kevin Epstein provided further insight on the report's findings, saying:

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure. More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.” 

Proofpoint's research sheds new light on the importance of social engineering when it comes to enabling successful cyberattacks as potential victims need to enable a macro, open a file, follow a link or open a document for almost all attacks to execute.

Very Attacked People

Proofpoint's report also found that almost 1 in 4 phishing emails sent last year were associated with Microsoft products. Cybercriminals have begun to target users via cloud storage, DocuSign and Microsoft's products as phishing attacks launched through these services are far more effective.

When it comes to the top malware families over the past 18 months, they have consistently included banking Trojans, information stealers, RATs and other non-destructive strains as cybercriminals look to keep their malicious software on infected devices longer in an effort to continuously steal data that can be used in future operations.

Cybercriminals have also begun to target Very Attacked People (VAP) located deep within an organization. These users are more likely to be targets of opportunity or those with easily searched addresses and access to funds and sensitive data. Proofpoint found that nearly 23 percent of VAPs email identities could easily be discovered through a Google search.

Finally the firm's report found that education, finance and advertising/marketing were the industries with the highest average Attack Index. The education sector is frequently targeted with attacks has it has one of the highest average numbers of VAPs across industries while the financial services industry has a relatively high average Attack Index but fewer VAPs.