Digital defense strategies should focus on people, as well as systems.
According to the latest annual Human Factor study from cybersecurity and compliance company Proofpoint, more than 99% of cyberthreats observed required human interaction to execute. This includes “social engineering activities” such as enabling a macro, opening a file, following a link, or opening a document.
While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, the study finds that cybercriminals are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
In addition, rather than focus on high-profile very important people (VIPs) at a company, fraudsters often target what Proofpoint terms “very attacked people” (VAPs) located deep within an organization. Thirty-six percent of VAP identities could be found online via corporate websites, social media, publications, and more. For the VIPs who are also VAPs, nearly 23% of their email identities could be discovered through a Google search.
Other interesting findings include:
• Impostor message delivery closely mirrors legitimate organizational email traffic patterns, with less than 5% of overall messages delivered on weekends and the largest portion - over 30% - delivered on Mondays.
• Overall malicious message volumes sampled in the second quarter of 2019 were distributed more evenly over the first three days of the week, and were also present in significant volumes in campaigns that began on Sundays (more than 10% of total volume sampled).
• Asia-Pacific and North American employees are far more likely to read and click early in the day, while Middle Eastern and European users are more likely to click mid-day and after lunch.
• In the first half of 2019, the most highly targeted industries shifted to include retail and manufacturing.
The study is based on an 18-month analysis of data collected across Proofpoint’s global customer base.