Why Human Vulnerabilities are a Higher Cyber Security Risk Than Software Flaws

Jonathan Greig at TechRepublic wrote an article based on recent Proofpoint research: “According to cybersecurity firm Proofpoint, the ‘vast majority’ of digital attacks aimed to exploit the ‘human factor’ through phishing attempts and related efforts.”

  • Most fraudulent emails used brand names like Dropbox and DocuSign to get users to click on malicious links.
  • Hacking attempts focused on human vulnerabilities in a system instead of lapses in software or hardware.

Cybersecurity firms and analysts have been sounding the alarm on vulnerabilities in most web-based systems, pointing to loopholes and lapses in security. But a recent report from Proofpoint, a cybersecurity firm, said most cyberattacks are designed to take advantage of human error instead of flaws in hardware or software.

In their 2018 Human Factor Report, Proofpoint analyzed cyberattacks throughout 2017, looking into attempted attacks on nearly 6,000 organizations across the world. They found that almost every industry suffered from a growth in the number of attacks, ranging from phishing to ransomware and cloud application breaches.

“Email remains the top attack vector…Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to persuade us to click,” the report said.

Some 50% of all clicks on malicious emails occurred within an hour of the message showing up in the victim’s inbox, and 30% happened within 10 minutes of receipt. Whether working on their own, with a group, or for a state-sponsored entity, attackers in most cases tried to take advantage of human trust. Nearly 55% of social media attacks that impersonated customer-support accounts were aimed at financial institutions.

“Many of these attacks rely on social engineering,” the report noted. “Others simply take advantage of inclinations for immediate gratification, improved status, or even the reward of ‘getting something for nothing.'”

The report continued: “But as the old adage goes, there is no such thing as a free lunch. The hidden costs of a bargain in social media channels can often be credential loss to phishing, coin mining through browser hijacking, and malware infections.”

Surprisingly, phishing emails purporting to be from Dropbox were far and away the most common lure, followed by fake DocuSign emails, which had a higher rate of success, the report said. Of all malicious emails examined in the study, ransomware and banking Trojans accounted for more of the payloads than any other category.

The study had a number of interesting observations and tidbits concerning when and how hackers attempt to infiltrate our lives. Europe and Japan had higher-than-usual proportions of banking Trojans, at 36% and 37% respectively, while the rest of the world suffered mostly from ransomware.

Proofpoint said education, consulting, and entertainment firms suffered from the largest number of email fraud attacks, with each organization averaging about 250 attacks.

Crimeware was used specifically against the tech and healthcare industries, while the manufacturing and construction industries were repeatedly hit with phishing attempts.

“As the threat landscape continues to evolve, new tools and approaches are emerging regularly. But one thing remains constant: the human factor,” the report said. “More than ever, cyber criminals rely on people to download and install malware or send funds and information on their behalf.”