Human Participation Lies Behind 99% Of Cyber Attacks

Uploaded on 2019-09-17 in NEWS-Cybersecurity News, FREE TO VIEW

As we now know that effective email cyber attacks often need the targeted victim to open a file, or click on a link, that is in the fake email you have received. While a tiny fraction of attacks target software faults to compromise systems, the vast majority of cyber crime, some 99%, require some level of human input to make it happen. 

This analysis and investigation comes from our research at Cyber Security Intelligence and is based on work and reporting we have done in discussion with cyber security and commercial partners over the last three years. What has become obvious is that the global cyber crime rate has significantly increased year on year and that phishing attacks are becoming increasingly sophisticated. 

The cyber criminal operations now going on have an estimated financial impact of at least $450 billion worldwide. 

While Internet dependency and the digital economy are flourishing, 68 percent of business leaders said their cybersecurity risks are also increasing.  Whether by accident or intent, many employees are often the root cause of successful cyber attacks. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues and the CEO.

This social engineering is the key element in making effective attacks work and hackers are copying how the organisations operates to improve their hacking attack rates. 

As most people use their phones to manage financial operations or handle sensitive data outside the security of their home network, this becomes a prominent threat. The fact that users typically hold all their information on their phone, and this seriously increases the security risk if the device is lost or stolen.

For example, a user might be suspicious of an email claiming to come from a colleague that arrived in the middle of the night, but one which arrives in the middle of the working day is more likely to be treated as a legitimate email, with the potential for the victim to accidentally set the ball rolling for an attack.

Phishing is one of the cheapest, easiest cyber attacks for criminals to use, but the reason it remains a cornerstone of hacking campaigns is because, phishing works. 

While many phishing attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack. For example, unexpected emails that are based around a sense of urgency could be viewed as suspicious. If a user is in doubt, they could contact the supposed sender of the message to see if it is a legitimate message.

Organisations should ensure they have proper and reasonable frequent cyber training for all employees as this reduces the likelihood of cyber-attacks gaining access by at least 80%. 

Update your software and security patches every six months or so as this decreases the effects of malware that relies on known vulnerabilities within your systems. With new advances in AI-driven technology, utilizing AI in cyber attacks will become an even more popular and dangerous trend.

For more information, please  contact Cyber Security Intelligence.

You Might Also Read: 

Dealing With Malicious Emails:

 

« Smart Technology In The Cyber-Age
Social Media Should Have Strict Privacy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Cyber Security Raad (CSR) - Netherlands

Cyber Security Raad (CSR) - Netherlands

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government undertaking efforts at strategic level to bolster cyber security in the Netherlands.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Kompleye

Kompleye

Kompleye is a recognized cybersecurity and compliance audit organization that offer a comprehensive solution for different industries.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Cydea

Cydea

Cydea are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.