Security News > 2021 > August > True cybersecurity means centering policies on employee behavior, report says
Credential phishing accounted for two-thirds of malicious emails, and attacks that tricked users into opening attachments were the most successful, enticing one in five people into opening them.
Business email compromise attacks have become more complicated, CAPTCHA screens are now being used to make malicious web pages look more realistic, and steganography had the highest rate of success, with one in three falling victim.
"Attackers don't hack in, they log in, and people continue to be the most critical factor in today's cyber attacks. The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today's risks," said Proofpoint's EVP of cybersecurity strategy, Ryan Kalember.
The 31-page report is divided into three areas: vulnerabilities, which looks at how attackers are fooling users; attacks, which looks at how cybercriminals exploit vulnerabilities and the types, techniques, and tools they use; and privilege, which examines insider threats and how high-privileged users can become a risk, even unknowingly.
Looking over the report is a good way to learn what sort of risks an organization can expect, but Proofpoint also spells out how organizations and their IT leaders can implement a people-centric cybersecurity policy, which it again divides into three sections.
Training users to spot malicious messages by mimicking real-world attacks.