Human Participation Lies Behind 99% Of Cyber Attacks

Uploaded on 2019-09-17 in NEWS-Cybersecurity News, FREE TO VIEW

As we now know that effective email cyber attacks often need the targeted victim to open a file, or click on a link, that is in the fake email you have received. While a tiny fraction of attacks target software faults to compromise systems, the vast majority of cyber crime, some 99%, require some level of human input to make it happen. 

This analysis and investigation comes from our research at Cyber Security Intelligence and is based on work and reporting we have done in discussion with cyber security and commercial partners over the last three years. What has become obvious is that the global cyber crime rate has significantly increased year on year and that phishing attacks are becoming increasingly sophisticated. 

The cyber criminal operations now going on have an estimated financial impact of at least $450 billion worldwide. 

While Internet dependency and the digital economy are flourishing, 68 percent of business leaders said their cybersecurity risks are also increasing.  Whether by accident or intent, many employees are often the root cause of successful cyber attacks. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues and the CEO.

This social engineering is the key element in making effective attacks work and hackers are copying how the organisations operates to improve their hacking attack rates. 

As most people use their phones to manage financial operations or handle sensitive data outside the security of their home network, this becomes a prominent threat. The fact that users typically hold all their information on their phone, and this seriously increases the security risk if the device is lost or stolen.

For example, a user might be suspicious of an email claiming to come from a colleague that arrived in the middle of the night, but one which arrives in the middle of the working day is more likely to be treated as a legitimate email, with the potential for the victim to accidentally set the ball rolling for an attack.

Phishing is one of the cheapest, easiest cyber attacks for criminals to use, but the reason it remains a cornerstone of hacking campaigns is because, phishing works. 

While many phishing attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack. For example, unexpected emails that are based around a sense of urgency could be viewed as suspicious. If a user is in doubt, they could contact the supposed sender of the message to see if it is a legitimate message.

Organisations should ensure they have proper and reasonable frequent cyber training for all employees as this reduces the likelihood of cyber-attacks gaining access by at least 80%. 

Update your software and security patches every six months or so as this decreases the effects of malware that relies on known vulnerabilities within your systems. With new advances in AI-driven technology, utilizing AI in cyber attacks will become an even more popular and dangerous trend.

For more information, please  contact Cyber Security Intelligence.

You Might Also Read: 

Dealing With Malicious Emails:

 

« Smart Technology In The Cyber-Age
Social Media Should Have Strict Privacy »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

HyTrust

HyTrust

HyTrust specialises in security, compliance and control software for virtualization and cloud environments.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

AdaptiveMobile Security

AdaptiveMobile Security

AdaptiveMobile Security, a world leader in mobile network security, protecting more than 2.2 billion subscribers worldwide.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

AVANT Communications

AVANT Communications

AVANT is a premier distributor of next generation technologies with the resources and relationships needed to successfully navigate the ever-changing world of communications and IT infrastructure.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.

Cyberscope

Cyberscope

Cyberscope is a Web3 security firm specializing in smart contract audits, crypto security audits, and blockchain vulnerability assessments.