Human Participation Lies Behind 99% Of Cyber Attacks

Effective email cyber attacks often need the targeted victim to open a file, or click on a link, in the fake email they have received. While a tiny fraction of attacks target software faults to compromise systems, the vast majority of cyber crime, some 99%, requires some level of human input to make it happen.

This analysis and investigation comes from our research at Cyber Security Intelligence and is based on work and reporting we have done in discussion with cyber security and commercial partners over the last three years. What has become obvious is that the global cyber crime rate has significantly increased year on year and that phishing attacks are becoming increasingly sophisticated. 

The cyber criminal operations now going on have an estimated financial impact of at least $450 billion worldwide. 

While Internet dependency and the digital economy are flourishing, 68 percent of business leaders said their cybersecurity risks are also increasing.  Whether by accident or intent, many employees are often the root cause of successful cyber attacks. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues and the CEO.

This social engineering is the key element in making attacks work, and hackers are copying how organisations operate to improve their attack success rates.

As most people use their phones to manage financial operations or handle sensitive data outside the security of their home network, this becomes a prominent threat. Users typically hold all their information on their phone, and this seriously increases the security risk if the device is lost or stolen.

For example, a user might be suspicious of an email claiming to come from a colleague that arrived in the middle of the night, but one which arrives in the middle of the working day is more likely to be treated as a legitimate email, with the potential for the victim to accidentally set the ball rolling for an attack.

Phishing is one of the cheapest, easiest cyber attacks for criminals to use, but the reason it remains a cornerstone of hacking campaigns is that phishing works.

While many phishing attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack. For example, unexpected emails that are based around a sense of urgency could be viewed as suspicious. If a user is in doubt, they could contact the supposed sender of the message to see if it is a legitimate message.
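The two warning signs described above (a trusted name such as Microsoft, Google or the CEO on a message from an unrelated address, and urgent wording) can be checked automatically before a message reaches a user. The following triage sketch is an added example, not code from Cyber Security Intelligence; the organisation domain, the trusted-name table, the urgency phrases and the three sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's own domain and the
# display names it expects to see only from specific sender domains.
ORG_DOMAIN = "example.com"
TRUSTED_NAMES = {
    "microsoft": {"microsoft.com"},
    "google": {"google.com"},
    "ceo": {ORG_DOMAIN},
}
URGENCY = re.compile(
    r"\b(urgent|immediately|right away|within \d+ hours?|final notice|"
    r"account (?:will be )?(?:suspended|closed))\b", re.I)

def triage(raw):
    """Return the warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # Signal 1: display name claims a trusted sender, address domain disagrees.
    for name, domains in TRUSTED_NAMES.items():
        if name in display.lower() and not any(
                domain == d or domain.endswith("." + d) for d in domains):
            signals.append("display-name-mismatch:" + name)
    # Signal 2: urgency wording in the subject or a plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signals.append("urgency")
    # Arrival time is deliberately not scored: a message sent during the
    # working day looks more legitimate, so a normal hour proves nothing.
    return signals

# Constructed sample messages (not real traffic).
BRAND_SPOOF = ("From: Microsoft Account Team <security@micros0ft-login.example.net>\n"
               "Subject: Urgent: verify your mailbox\n"
               "Date: Tue, 04 Mar 2025 11:12:00 +0000\n\n"
               "Your account will be suspended within 24 hours unless you sign in.\n")
CEO_SPOOF = ("From: Jane Doe CEO <jane.doe.ceo@mailbox.example.org>\n"
             "Subject: Quick favour\n"
             "Date: Tue, 04 Mar 2025 14:03:00 +0000\n\n"
             "Are you at your desk?\n")
ROUTINE = ("From: Sam Patel <sam.patel@example.com>\n"
           "Subject: Minutes from Tuesday\n\n"
           "Notes attached as discussed.\n")

if __name__ == "__main__":
    for sample in (BRAND_SPOOF, CEO_SPOOF, ROUTINE):
        print(triage(sample))
```

A flagged message is a candidate for the check the article recommends: contacting the supposed sender through a known channel before acting on it.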

Organisations should ensure they have proper and reasonably frequent cyber training for all employees, as this reduces the likelihood of cyber-attacks gaining access by at least 80%.

Update your software and security patches every six months or so as this decreases the effects of malware that relies on known vulnerabilities within your systems. With new advances in AI-driven technology, utilizing AI in cyber attacks will become an even more popular and dangerous trend.
