The days of a hacker sitting alone at their computer screen in a dark room probing for network vulnerabilities are a thing of the past. That’s too much work. To penetrate networks today, hackers almost always enlist the help of an inside accomplice: you.
What hackers have discovered over the years is that it’s much easier to get unsuspecting humans to help them in their endeavour. Research published in Proofpoint’s Human Factors Report 2019 confirmed this. From the report: “Over 99% of emails distributing malware required human intervention—following links, opening documents, accepting security warnings, and other behaviors—for them to be effective.”
Following up on that, an article on Dark Reading stated, “Most cybercriminals target people, not infrastructure: More than 99% of emails distributing malware from 2018 to 2019 required human interaction. Instead of targeting systems, criminals focus on people, their roles, and data they can access.”
Continuing from the report, “Regardless of the means of attack—email, cloud applications, the web, social media, or other vectors—threat actors repeatedly demonstrated the effectiveness of the social engineering tactics that convinced victims to click malicious links, download unsafe files, install malware, transfer funds, and disclose sensitive information at scale. Whether financially motivated or state-sponsored, attackers all had one thing in common: an understanding of and a willingness to take advantage of the human factor.”
You—you’re the problem. Ironically though, you’re not the solution. Perhaps you think that if you could just train your people enough to stop falling for all these exploits, the problem would go away. You already know the answer, don’t you?
The problem is we’re human, and so far, there just isn’t any cure for that. You can expect hackers to continue to exploit the weakest link in the security chain. So, while security awareness training is something every organization should invest in, it will never be enough. Companies are still going to need another line of threat defense when the humans that work there insist on being human.
That other line of defense is cloud-based email security with real-time link click protection, for those times when people do what people do: help malware along.