Human Factor 2016
Today’s advanced attacks focus more on exploiting human flaws than system flaws. To explore this under-reported aspect of enterprise threats, we created The Human Factor.
This paper presents original ﬁeld research using data gathered by Proofpoint products deployed in customer settings around the world. It covers the latest trends in in email attachments, social media posts, and URLs. The Human Factor reveals not just who is clicking what, but how threat actors are exploiting the human factor. Because as the data makes clear, the weakest link in security is all of us.
Highlights of this year’s report include:
- Extending a shift that began in 2014, URL-based campaigns gave way to massive, constantly evolving campaigns that deliver malware payloads through malicious documents.
- Social engineering has become the No. 1 infection vector.
- Campaigns are more tailored to target regions.
- Social media and mobile apps are no longer corner cases for information security policy. Instead, they have become a key route to victims.
WHO IS CLICKING AND HOW THREAT ACTORS ARE EXPLOITING THE HUMAN FACTOR
NINE DEFENSIVE RECOMMENDATIONS
Attackers know that people make the best exploits. Oganizations need to defend themselves against a wide range of threats.
See key findings and defensive recommendations from the Human Factor Report and learn why the weakest link in security is all of us.
By the Numbers
TARGETING PEOPLE WHEN AND WHERE THEY CLICK
While the high-volume campaigns of 2015 were highly targeted by geography on the whole, they were much less selective within each region: email campaigns tended to blanket every person and department within a targeted organization.
This infographic provides a detailed look at each campaign's start and how it moved across the global landscape.
HUMAN FACTOR WEBINAR
Join Proofpoint Director of Threat Intelligence Patrick Wheeler for a webinar presentation of the original ﬁeld research from data gathered by Proofpoint products deployed in customer settings around the world. Patrick will cover threats in email attachments, social media posts, and URLs.
In this webinar you will see not just who is clicking what—but when, where, and why they are clicking:
- Who is being targeted, and who is falling victim
- What attackers are sending, and which lures are working
- When threats arrive, and when people are most likely to click