Human Factor Biggest Cyber Vulnerability

Category: Blog, Security  |  Wednesday, April 25th, 2018
Attackers have gone back to old-school cons. If they can’t get in through the security system, they dupe employees into letting them in.

Jonathan Greig at TechRepublic recently penned an article based on the latest Proofpoint research: “According to cybersecurity firm Proofpoint, the ‘vast majority’ of digital attacks aimed to exploit the ‘human factor’ through phishing attempts and related efforts.

Many of the phishing emails spoofed brand names like Dropbox and DocuSign to get users to click on malicious links.

Hacking attempts now focus more on human vulnerabilities in a system versus vulnerabilities in software or hardware.

Cybersecurity firms and analysts have well publicized major vulnerabilities in web-based systems, identifying loopholes and lapses in security. But a recent report from Proofpoint said most cyberattacks are designed to take advantage of human error instead of flaws in hardware or software.

In their 2018 Human Factor Report, Proofpoint analyzed cyberattacks throughout 2017, looking into attempted attacks on nearly 6,000 organizations across the world. They found that almost every industry suffered from a growth in the number of attacks, ranging from phishing to ransomware and cloud application breaches.

“Email remains the top attack vector…Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to persuade us to click,” the report said.

Some 50% of all clicks on malicious emails occurred within an hour of it showing up in the victim’s inbox. And 30% happened within 10 minutes of receiving the email. Hackers, either working on their own, with a group, or with a state-sponsored entity, attempted to take advantage of human trust in most cases. Nearly 55% of social media attacks that impersonated customer-support accounts were aimed at financial institutions.

“Many of these attacks rely on social engineering,” the report noted. “Others simply take advantage of inclinations for immediate gratification, improved status, or even the reward of ‘getting something for nothing.’”

The report goes on: “But as the old adage goes, there is no such thing as a free lunch. The hidden costs of a bargain in social media channels can often be credential loss to phishing, coin mining through browser hijacking, and malware infections.”

Surprisingly, phishing emails pretending to be from Dropbox were far and away the most common lure hackers used, followed by fake DocuSign emails, which had a higher rate of success, the report said. Of all malicious emails searched in the survey, ransomware and banking Trojans accounted for more.

The study had a number of interesting observations and tidbits concerning when and how hackers attempt to infiltrate our lives. Europe and Japan had higher-than-usual proportions of banking Trojans, at 36% and 37% respectively, while the rest of the world suffered mostly from ransomware.

Proofpoint said education, consulting, and entertainment firms suffered from the largest number of email fraud attacks, with each organization averaging about 250 attacks.

Crimeware was specifically used when attacking the tech and healthcare industries, and the manufacturing industry was repeatedly hit with phishing attempts along with the construction industry.

“As the threat landscape continues to evolve, new tools and approaches are emerging regularly. But one thing remains constant: the human factor,” the report said. “More than ever, cyber criminals rely on people to download and install malware or send funds and information on their behalf.”

If you need assistance with cyber security training, give us a call at 714-970-9330 or contact us at [email protected]

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.