Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

More than 99 Percent of Cyberattacks Need Humans to Click

Doorway to Cybersecurity
September 13, 2019
A new report highlights the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions, steal data, and more.
 
The Human Factor report from Proofpoint found that nearly all successful email-based cyberattacks require the target to open files, click on links, or carry out some other action.

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”

Proofpoint’s 2019 Human Factor report findings include:

  • More than 99 percent of threats observed required human interaction to execute - enabling a macro, opening a file, following a link, or opening a document – signifying the importance of social engineering to enable successful attacks.
  • Microsoft lures remain a staple. Nearly 1 in 4 phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing, and more.
  • Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
  • The top malware families over the past 18 months have consistently included banking Trojans, information stealers, RATs, and other non-destructive strains designed to remain resident on infected devices and continuously steal data that can potentially provide future utility to threat actors.

People-centric Threats

  • Attackers target people – and not necessarily traditional VIPs. They often target Very Attacked People (VAP™) located deep within the organization. These users are more likely to be targets of opportunity or those with easily searched addresses and access to funds and sensitive data.
  • Thirty-six percent of VAP identities could be found online via corporate websites, social media, publications, and more. For the VIPs who are also VAPs, nearly 23 percent of their email identities could be discovered through a Google search.
  • Imposters mimic business routines to evade detection. Impostor message delivery closely mirrors legitimate organizational email traffic patterns, with less than 5 percent of overall messages delivered on weekends and the largest portion - over 30 percent - delivered on Mondays.
  • Malware actors are less likely to follow expected email traffic. Overall malicious message volumes sampled in the second quarter of 2019 were distributed more evenly over the first three days of the week and were also present in significant volumes in campaigns that began on Sundays (more than 10 percent of total volume sampled).
  • Click times have traditionally shown significant regional differences, reflecting differences in work culture and email habits among major global regions. Asia-Pacific and North American employees are far more likely to read and click early in the day, while Middle Eastern and European users are more likely to click mid-day and after lunch.

Email Attacks: Verticals at Risk

  • Education, finance, and advertising/marketing topped the industries with the highest average Attack Index, an aggregated measure of attack severity and risk. The education sector is frequently targeted with attacks of the highest severity and has one of the highest average number of VAPs across industries. The financial services industry has a relatively high average Attack Index but fewer VAPs.
  • 2018 saw impostor attacks at their highest levels in the engineering, automotive, and education industries, averaging more than 75 attacks per organization. This is likely due to supply chain complexities associated with the engineering and automotive industries, and high-value targets and user vulnerabilities, especially among student populations, in the education sector. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
  • The Chalbhai phish kit, the third most popular lure for the first half of 2019, targeted credentials for many top U.S. and international banks and telecommunications companies, among others, using a range of templates attributed to a single group but leveraged by multiple actors.
  • Attackers capitalize on human insecurity. The most effective phishing lures in 2018 were dominated by “Brainfood,” a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, more than twice as many clicks as the next most clicked lure.
KEYWORDS: cyber security cyberattack cybersecurity malware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smartphone1-900px.jpg

    More than 70 Percent of Mobile Devices on the Five Major US Carriers Highly Susceptible to Breach

    See More
  • dataprivacy

    More Than 45 Percent of U.S. Employees are Unaware of the CCPA

    See More
  • hacker

    Cost of Ransomware Related Downtime Increased More Than 200 Percent

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing