When it comes to cybersecurity, humans are no doubt the weakest link. No matter how many layers you add to your security stack, or how much phishing education and awareness training you do, threat actors continue to develop more sophisticated ways to exploit human vulnerabilities with socially engineered attacks. In fact, as security defenses keep improving, hackers are compelled to develop more clever and convincing ways to exploit the human attack surface to gain access to sensitive assets.
The primary way of exploiting human vulnerabilities is phishing, which is the cause of over 90% of breaches. Phishing attacks continue to occur in email. However, improved defenses and employee awareness around phishing emails have caused hackers to use additional attack vectors, including ads, pop-ups, instant messaging, social media, rogue browser extensions and freeware. Phishing attacks are moving in droves to these web-based tactics where users’ guards are down, deploying all manner of techniques to target human weakness. In the end, it doesn’t matter which attack vector is used to get through to your employees. What matters is whether they “take the bait” by clicking on the link and what happens next.