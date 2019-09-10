Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

More Than 99% of Threats Target Corporate Staff

Over 99% of cyber-threats require human interaction to work, highlighting the importance of user awareness programs and layered defenses, according to Proofpoint.

The security vendor’s 2019 Human Factor report is based on an 18-month analysis of data the firm collected across its global customer base.

It adds some concrete findings to the general trend observed by many in the industry over the past few years that attackers are increasingly targeting the “weak link” in the cybersecurity chain: corporate employees.

Specific staff members, dubbed "Very Attacked People" (VAPs), are targeted most often — perhaps because they have access to corporate funds or sensitive data, or even because they are easily discoverable by outsiders.

Some 36% of VAPs identified in the report could be found online via corporate websites, social media, publications, and other methods.

To stand the best chance of success, attackers targeting humans typically mimic legitimate email patterns: fewer than 5% are sent at weekends and the biggest number (30%+) come on Mondays.

Education, finance, and advertising/marketing were the most targeted industries, with education having one of the highest average number of VAPs across any vertical, Proofpoint claimed.

In 2018, the sector accounted for the largest number of imposter attacks, along with the engineering and automotive verticals.

Microsoft products and services accounted for nearly one in four phishing attacks in 2018, with messages focused on harvesting user credentials for lateral movement, future attacks and internal phishing.

“Cyber-criminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of threat operations for Proofpoint.

“To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

DDoS Attack Forces Wikipedia Offline

2
News

Monster Defends Data Leak Response

3
News

Pupils Flagged as Cyber Threat to UK Schools

4
News

Hackers Steal $4.2m from State Troopers' Pension Fund

5
News

Lufthansa Offers Biometric Boarding at Fourth US Airport

6
News

#GartnerSEC: How to Make Automation Decisions for Security

1
News

#GartnerSEC: How Security Leaders Can Navigate Difficult Discussions in the Enterprise

2
News

#GartnerSEC: Maersk CISO Outlines Lessons Learned From NotPetya Attack

3
Blog

Security by Sector: Charity Workers Least Likely to Receive Email Security Training

4
News

#GartnerSEC: Maersk’s Adam Banks Reflects on NotPetya Response and Recovery

5
News

More Than 99% of Threats Target Corporate Staff

6
News

#GartnerSEC: 2019 Projects Should Include Incident Response, BEC and Container Security

1
Webinar

DNS: From Security Risk to Defensive Asset

2
Webinar

How SOAR Can Improve Security Operations, Monitoring & Incident Response

3
Webinar

Moving from FTP to MFT for Security, Functionality and Data Transfer Compliance

4
Webinar

Can You be Secure by Design, Compliant and Enable Optimum Functionality?

5
Webinar

Mastering the Security Art of Identity, Access & Authentication

6
Webinar

The Key to Successful Cybersecurity Projects: Asset Management - Asking the Right Questions

1
Blog

Security by Sector: Young Brits Call for Smartphone Policies and Social Media Lessons in Schools

2
News

US Government Flags 2020 Election Ransomware Threat

3
Opinion

Flexibility in Vulnerability Management: Why It’s Essential

4
News

Imperva Breach Hits Cloud Customers

5
Blog

Going Beyond the Gender Gap – Why Diversity is Vital for the Future of Cybersecurity

6
News

NATO: Attack Like WannaCry Could Prompt “Collective Defense Commitment”