Human Participation Lies Behind 99% Of Cyber Attacks

Uploaded on 2019-09-17 in NEWS-Cybersecurity News, FREE TO VIEW

As we now know that effective email cyber attacks often need the targeted victim to open a file, or click on a link, that is in the fake email you have received. While a tiny fraction of attacks target software faults to compromise systems, the vast majority of cyber crime, some 99%, require some level of human input to make it happen. 

This analysis and investigation comes from our research at Cyber Security Intelligence and is based on work and reporting we have done in discussion with cyber security and commercial partners over the last three years. What has become obvious is that the global cyber crime rate has significantly increased year on year and that phishing attacks are becoming increasingly sophisticated. 

The cyber criminal operations now going on have an estimated financial impact of at least $450 billion worldwide. 

While Internet dependency and the digital economy are flourishing, 68 percent of business leaders said their cybersecurity risks are also increasing.  Whether by accident or intent, many employees are often the root cause of successful cyber attacks. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues and the CEO.

This social engineering is the key element in making effective attacks work and hackers are copying how the organisations operates to improve their hacking attack rates. 

As most people use their phones to manage financial operations or handle sensitive data outside the security of their home network, this becomes a prominent threat. The fact that users typically hold all their information on their phone, and this seriously increases the security risk if the device is lost or stolen.

For example, a user might be suspicious of an email claiming to come from a colleague that arrived in the middle of the night, but one which arrives in the middle of the working day is more likely to be treated as a legitimate email, with the potential for the victim to accidentally set the ball rolling for an attack.

Phishing is one of the cheapest, easiest cyber attacks for criminals to use, but the reason it remains a cornerstone of hacking campaigns is because, phishing works. 

While many phishing attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack. For example, unexpected emails that are based around a sense of urgency could be viewed as suspicious. If a user is in doubt, they could contact the supposed sender of the message to see if it is a legitimate message.

Organisations should ensure they have proper and reasonable frequent cyber training for all employees as this reduces the likelihood of cyber-attacks gaining access by at least 80%. 

Update your software and security patches every six months or so as this decreases the effects of malware that relies on known vulnerabilities within your systems. With new advances in AI-driven technology, utilizing AI in cyber attacks will become an even more popular and dangerous trend.

For more information, please  contact Cyber Security Intelligence.

You Might Also Read: 

Dealing With Malicious Emails:

 

« Smart Technology In The Cyber-Age
Social Media Should Have Strict Privacy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

CSL Group

CSL Group

CSL solutions provide complete end-to-end connectivity services for Security, Fire, Telecare and other mission critical M2M/IoT applications.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

3DOT Solutions

3DOT Solutions

3DOT Solutions is an established UK cybersecurity consultancy focused on delivering end-to-end cyber security solutions for private and public sector customers.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.