Proofpoint Discloses Details of "People-Based" Cyber-Security Threats

EDITOR'S NOTE: Proofpoint's Vice President of Advanced Security & Governance Kevin Epstein will discuss the Human Factor research during the RSA Conference in San Francisco at 12:40 p.m. February 25 in the South Expo Hall Briefing Center.

Newly released report on The Human Factor challenges conventional wisdom; provides data on recent attacks and insight into how attackers exploit end-users' human failings to circumvent IT security.

SUNNYVALE, Calif. – February 24, 2014. Proofpoint, Inc., (NASDAQ: PFPT), a leading security-as-a-service provider, today released the results of a wide-ranging study that provides new insight into the ways attackers exploit end-users' psychology to circumvent IT security. The Human Factor report reveals that staff click on malicious links twice as much as executives, more than one in 15 people clicks on phish at least a month after it first appears in their inbox, and social networking invitations (specifically LinkedIn invites) are twice as effective at persuading recipients to click – among other findings. Since the majority of current protection solutions focus less on human failings and more on system and software vulnerabilities, Proofpoint's findings in the Human Factor report on how attackers exploit end-users have significant security implications for enterprise preparedness and defensive strategies alike.

Proofpoint's research findings include, but are not limited to, the following:

  • Every company clicks. On average, one out of 10 employees exposed to malicious links in email will click. Best-in-breed companies' employees are still clicking more than one percent of the time.

  • Attacks have a long shelf-life. More than one in 15 user clicks on malicious links are seen more than a month after the threat was delivered.

  • Mobility matters, mobile devices less so. 90 percent of total clicks on malicious URLs come from users' computers, not mobile devices – but 20 percent of those clicks happen when those computers are outside of the corporate firewall, on home or public networks.

  • People click on Social Networking communications. Top lures include social networking communications, order confirmations, and financial warnings… and the LinkedIn connection invitation gets on average two times as many clicks as any other communication.

  • Receiving too few or too many malicious threats results in a higher user click-rate. After 100 malicious messages, odds of clicking level off at 60 percent likelihood. Although most targeted users click on malicious links within 24 hours, roughly seven percent of the users in the study clicked on malicious URLs later, as long as a month after receiving the link.

"This research validates one of the important directions we've been taking with our enterprise security offerings, which is to provide not only protection, but also insight into how, when and where attacks are taking place," said Kevin Epstein, Proofpoint's vice president of Advanced Security & Governance. "The only real defense is one that acknowledges and plans for the fact that some threats will penetrate the perimeter. Someone always clicks, which means that threats will reach users. Proofpoint's approach is effective because our systems can tell who those users are, where they are, and what's happening, in real-time."

Quick insight into the details of an attack is important because it enables security teams to focus their efforts where they count and take immediate action.

"In mid-2013, we began to see targeted spear phishing attacks on C-suite and Department Director accounts," said Leon Hoover, CIO of Hendry Regional Medical Center. "Proofpoint's Targeted Attack Protection™ product has not only significantly increased the block rate of attacks, it has also given us new insight. With Proofpoint, we can be proactive. We know exactly who's being targeted, who has been exposed, when and what they were exposed to. We're not wasting time trying to reactively chase down reports of possible breaches. And not to be dismissed, I have a solid documentation trail for the ever-looming HIPAA security audit."

Observations from Forrester Research Inc. point to a conclusion similar to Hoover's on an industry-wide basis: insight into end-user actions, as well as malware's actions, is crucial to protection.

"Having spent heavily on technical controls, it's disappointing to find that enterprises are still getting hacked and leaking data. CISOs are, therefore, spending more time considering the human aspects of security, as these are commonly the weak link," according to the February 2014 Forrester Research, Inc., report entitled "Twelve Recommendations For Your Security Program In 2014." Further, Rick Holland of Forrester writes that "seventy-five percent of security decision-makers report that establishing or improving threat intelligence capabilities is a top priority for their organization." - If Everything Is Threat Intelligence, Then Nothing Is Threat Intelligence (Oct 30, 2013)

Proofpoint's Human Factor report is based on data gathered from the Proofpoint Targeted Attack Protection product in live customer environments. To receive a copy of Proofpoint's Human Factor report, please visit For more details on research behind the report, please visit

About Proofpoint, Inc.
Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at


Proofpoint and Proofpoint Targeted Attack Protection are trademarks of Proofpoint, Inc. in the U.S. and other countries. All other trademarks contained herein are the property of their respective owners.