Proofpoint released its 2019 Human Factor report back in early September. We won’t go into the details, but it basically boils down to this: 99% of cyberattacks rely on some form of human involvement.
To be fair to us humans, attacks are getting more and more sophisticated, and cybercriminals have realized that people are much easier targets compared to systems protected by layers of modern network and application security services.
Phishing has been and continues to be the top method to prey on us. Instead of just relying on traditional large-scale email phishing campaigns to lure us in, attackers are taking a “craft approach”. In the same way a local brewery carefully creates small signature batches of beer, they are using precision targeting, social engineering, and messaging that’s tailored to small groups and, in some cases, even to individuals.
No matter how sophisticated, network and email security systems can only do so much. Even the best email scanners still let spam and phishing attacks through to end users. These systems rely on elements such as IP addresses, text patterns, and attachments, which have to be analyzed before a signature can be created to identify suspicious emails. The “craft” attacks are so customized that no signature engine can keep pace with all the variations in time to keep users safe.
To defend against these attacks you need to bolster your identity and access protections with additional tools such as multi-factor, 2-factor and passwordless authentication. If login credentials are stolen, the attacker encounters additional friction that could stop them. But even the latest biometrics and hardware-level security can be overcome if a device is stolen or if a user is “shoulder-surfed”.
The best way to minimize the risk of an attack, even with advanced 2-factor authentication, is to monitor and react to changes in the user risk posture in real time. Transmit’s cross-channel, continuous adaptive risk engine tracks user, device and system history to detect anomalies as they happen, then deploys additional security measures, including additional authentication steps and system restrictions, and can even lock a remote device if needed.