Proofpoint has announced its annual The Human Factor 2019 report findings which is based on an 18-month analysis of data the firm collected across its global customer base.
The report found that more than 99% of the threats observed required human interaction thus signifying the importance of social engineering to enable successful attacks.
It was also identified that threat actors are refining their tools and techniques in search of financial gain and information theft. Threat actors are finding success in their attacks when using more than five identities against more than five individuals in target organisations.
Often threat actors target “Very Attacked People” (VAP) that are based deep within the organisation rather than traditional VIPs, as they are more likely to be targets of opportunity, or those that have access to funds and sensitive data.
Those VIPs that are also VAPs, almost 23% of their email identities could be found through a Google search. Whilst 36% of VAP identities could be found online via social media, publications, corporate websites and more.
The education, finance and advertising industries were the most targeted industries, with the education sector having the highest average number of VAPs across industries.
The report also found that nearly a quarter of phishing emails sent in 2018 were linked to Microsoft products. The top phishing lures were focused on credential theft, internal phishing, lateral movement and more.
The engineering, automotive, and education industries saw the highest levels of imposter attacks in 2018, averaging more than 75 attacks per organisation. This could be due to supply chain complexities associated with the mentioned industries, and there are high-value targets.
“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint.
“More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/