The Human Factor 2022 | Proofpoint AU

The Human Factor 2022

The Human Factor of Cybersecurity

Since 2014, the Human Factor report has explored a simple premise: that people—not technology—are the most critical variable in today’s cyber threats.

In cybersecurity terms, 2021 was the breakout year when financially motivated cyber crime became a national security issue. It was also a year marked by ceaseless creativity from threat actors who worked to undermine digital defences and take advantage of the many opportunities presented by an uncertain world.

After a year that changed the world, it turns out that some things stayed the same. Attackers remained as unscrupulous as ever, making protecting people from cyber threats an ongoing—and often fascinating—challenge.

Key Findings:

Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk.

Malicious URLs are 3-4x more common than malicious attachments.

Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.

Smishing attempts more than doubled in the U.S. over the year, while in the U.K. over 50% of lures are themed around delivery notification.

More than 20 million messages attempted to deliver malware linked to eventual ransomware attack.

of businesses are attacked by a compromised supplier account in any given month.

35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.

Data loss prevention alerts have stabilised as businesses adopt permanent hybrid work models.

What this report covers

This report dives deep into each of three facets of user risk–Vulnerability, Attacks and Privilege.

It examines key developments in the threat landscape. It explores the developing relationship between cyber criminal groups and what it means for the rest of us. And it explains how a people-centric defence can make users more resilient, mitigate attacks and manage privilege.

This report covers threats detected, mitigated and resolved during 2021 among Proofpoint deployments around the world, one of the largest, most diverse data sets in cybersecurity.

Mingling to business and personal

According to the results of our annual State of the Phish report, almost half of working adults shifted to a remote working environment as a result of COVID-19. One thing to emerge clearly from this shift is a definite mingling of business and personal. And this is perhaps nowhere more apparent than in how people use their personal and work devices.

Nearly three-quarters said they used a personal device for work purposes.

77% said they accessed personal accounts on an employer-issued device.

55% of respondents admitted that they allow friends and family to use their work computers and phones.

The Ponemon Institute’s 2022 report on this subject measures a 44% increase in insider threat incidents since 2020.

2021 was a year unlike any other, for both cybercriminals and security professionals

A year that saw an explosion of ransomware, a new breed of SMS attacks, and where legitimate cloud services became a hotbed for criminal activity. We detail all these developments, as well as prevention strategies, in our new report: The Human Factor 2022.

Download today to learn:

The ways attackers are targeting your people.
The harm caused when privileged access is compromised.
Why a people-centric cyber defence is essential.

Thank you for filling out the form.

Vulnerability

Report Highlight: Quantifying Vulnerability

The easiest way to quantify vulnerability without putting your organisation
at risk is to test employee responses to simulated threats. Data collected last year from our phishing simulation tool showed a failure rate range of between 4%–20% depending on the type of attack being tested.

Viewed by department, failure rates vary from 6%–12% with the average being 11%. Several high-profile (and highly targeted) departments fill out the lower reaches of the table, including IT, legal and finance, though there are several potentially lucrative targets at or above the average rate, including operations and purchasing.

Attacks

Report Highlight: Malware Who’s Who

Before the 2021 takedown of its infrastructure, Emotet was the world’s most frequently distributed malware. Since returning at the end of the year, Emotet’s developers have been linked with both TrickBot and Conti groups.

Privilege

Report Highlight: High-privilege users disproportionately targeted in attacks

Across the organisations in our dataset, around 10% of users are classified as being managers, directors or executives. However, our data shows that this group represents almost 50% of the most severe risk or attack.

Similarly, departments that deal with sensitive information, such as finance, human resources and legal, tend to be at higher risk than functions such as marketing and product.

One thing that immediately stands out in the leaked chats is Conti’s organisational structure. The group operates like an ordinary business, with salaried employees, vacation allowances and a human resources department.

Conti Ransomware Group

Read the full report

Over the past year, we’ve seen a growing trend of cyber criminals going to surprising lengths to develop rapport with victims before attempting to initiate an attack.

"Friendly" Fraudsters

Read the full report

In any given month, more than 80% of our customers receive a threat that appears to originate from one of their suppliers.

Supply Chain Risk

Read the full report