Ten Stats that Reveal How Today’s Cyber Attacks Target People First, Not Infrastructure

February 26, 2019
Ken Brown

Organizations are spending more than ever on cybersecurity. But attacks are getting through at an unprecedented rate, wreaking havoc on the revenues and brand reputations of businesses around the globe.

The problem? Companies still implement traditional cybersecurity models built for an earlier era. These models lock down the perimeter and deal with threats only after they get through. 80% of cybersecurity spending still goes toward this type of infrastructure-focused defense.

But today, it is people, not technology, who are the attackers’ biggest target--and an organization’s biggest risk. To effectively fight attacks, we need to understand who is being targeted and how.

The best way to convince your stakeholders to start investing in a people-first security strategy is by sharing the data on the nature of attacks targeting end users. Here are ten stats from Proofpoint researchers that will help:

1. More than 99% of today’s cyber attacks are human-activated. Click here to tweet this stat.

2. In Q318, corporate credential phishing attempts quadrupled vs. the year-ago quarter. Click here to tweet this stat.

3. Email fraud attacks rose to 36 per targeted organization in Q318, up 80% over the year-ago quarter. Click here to tweet this stat.

4. Email fraud attacks in the education sector soared 192% year-over-year to 40 attacks per organization on average. Click here to tweet this stat.

5. Workers in operations and production functions represent 23% of highly targeted attacks. Click here to tweet this stat.

6. Customer support fraud on social media soared 483% in Q318 over the year-ago quarter. Click here to tweet this stat.

7. Web-based social engineering attacks jumped 233% from Q2-Q318. Click here to tweet this stat.

8. Individual contributors and lower-level management accounted for 67% of highly targeted malware and phishing attacks. Click here to tweet this stat.

9. Attacks against executives and upper-level managers represented about a third of all attacks in Q318. Click here to tweet this stat.

10. More than 99% of all fraudulent emails used a spoofed display name in Q318, up from 90% in the previous quarter. Click here to tweet this stat.

Want to learn more about how you can protect your end users? Download our latest guide.