Proofpoint’s Annual Human Factor Report Reveals How 2020 Transformed Today’s Threat Landscape

Work From Home

More than 48 million observed messages containing malware capable of downloading ransomware foreshadowed the risk of recent high-profile cyber attacks

SUNNYVALE, Calif., August 4, 2021Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, today unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk—vulnerability, attacks, and privilege—and how the extraordinary events of 2020 transformed the current threat landscape. Human Factor 2021 draws on data and insight from a year’s worth of research, covering threats detected, mitigated, and resolved across one of the largest datasets in cybersecurity.

“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks. The threat ecosystem has evolved over the past year, and this report explores how a people-centric approach to cybersecurity can reduce today’s risks,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint. “In addition to troubling growth in volume and sophistication of ransomware and business email compromise (BEC) attacks, we discovered massive spikes in lesser-known methods like CAPTCHA techniques and steganography, which proved surprisingly effective.”

Every day, Proofpoint analyzes more than 2.2 billion email messages, 35 billion URLs, 200 million attachments, and 35 million cloud accounts. This report draws on analysis of that data throughout 2020 by our team of expert threat researchers and reveals risks and vulnerabilities that persist today:

  • Ransomware was omnipresent, with more than 48 million messages containing malware capable of being used as an entry point for ransomware attacks. Email remains a crucial part of these attacks, serving as the route through which much of the first-stage malware used to download ransomware is distributed.
  • Credential Phishingboth consumer and corporatewas by far the most common form of cyberattack, accounting for two-thirds of all malicious messages. This credential phishing leads to account compromise, from which other attacks like business email compromise (BEC) and data theft are launched.
  • Of all Phishing methods (attachment, data, link), attachment proved the most successful, with an average of one in five users clicking—a higher rate than the other two combined.
  • Increasingly elaborate BEC fraud attempts emerged. In one case, Proofpoint detected that a single threat actor (TA2520) used BEC to impersonate C-Level executives, instructing multiple email recipients to transfer sums of more than $1 million in the name of a phony corporate acquisition.
  • Steganography was wildly successful, with more than 1 in 3 people targeted in such attack campaigns clicking the malicious email—the highest success rate of all attacks. Steganography is the technique of hiding malicious payloads within seemingly innocuous files like pictures and audio. After the hard-to-detect files land on users’ machines, they are decoded and activated.
  • Attacks using CAPTCHA techniques garnered 50 times as many clicks as the year prior. Because people typically associate CAPTCHA challenges with anti-fraud measures while working from home, five percent clicked—a fiftyfold increase.
  • Cyberthieves used Remote Access Trojans (RAT). In fact, nearly 1 in 4 email threat campaigns employed RAT software tools. For example, the volume of threats delivering Cobalt Strike—a commercial security tool that helps organizations probe for system weaknesses—jumped 161 percent.
  • 1 in 4 attack campaigns used compressed executable files to hide malware. The method requires a user to interact with a malicious attachment like an Excel spreadsheet or PowerPoint slide deck to execute the payload.

To download Proofpoint’s Human Factor 2021 report, please visit:

For more information on creating a people-centric cybersecurity strategy, please visit:

About Proofpoint, Inc.

Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at


Connect with Proofpoint: Twitter LinkedIn | Facebook YouTube




Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.