UPDATED 09:02 EST / APRIL 22 2015

Cyberattackers go ‘phishing’ for corporate victims

Cyberattackers are increasingly focusing their attacks on businesses rather than consumers, according to a new study by security company Proofpoint Inc. The currently favored tactic is to exploit the fatigue of middle managers whose inboxes are often overloaded with emails, and attackers are also trading attack volume for more sophisticated attacks.

Proofpoint’s second annual Human Factor Report details how cybercriminals are evolving their social engineering tactics to specifically target corporations. The study’s findings emphasize how human behavior, rather than system vulnerabilities, significantly undermines cybersecurity measures, and the report makes recommendations on how to protect against these errors.

Proofpoint said that on select days in 2014, it saw a 1,000 percent increase over the standard volume of email messages carrying malicious content. The most common malicious emails were voicemail and e-fax notifications, as well as personal and corporate financial alerts.

“The human element is one of the most critical aspects of your security program, yet it’s often the most neglected,” noted a December 2014 Forrester Research report titled “Reinvent Security Awareness to Engage the Human Firewall”. “However, this is the problem, security technologies that are critical to protecting your environment are often rendered useless due to easily avoidable human factors.”

The study found that, on average, employees would click on one out of every 25 malicious messages they received in 2014, double the number they clicked on in 2013. Moreover, not a single organization covered in the study was able to completely eliminate this problem. Most worryingly, Proofpoint found that middle managers were twice as likely to click on malicious messages as executives were. Personnel working in sales, finance and procurement departments were the most likely to click on malicious attachments, with such employees clicking 50-80 percent more frequently than personnel from other departments, the study showed.

Proofpoint also noted the vast majority of malicious messages arrive during business hours. It said that Tuesday was the most active day for clicking, with 17 percent more malicious messages being clicked on compared to other days of the week.

Also noteworthy, Proofpoint found attackers are reducing their reliance on social media lures, which fell by 94 percent in 2014. Instead, attackers are sending their malicious links via emails containing attachments rather than URLs.

“The Human Factor research validates the critical value of threat information – and provides insight into how, when and where attacks are taking place,” said Kevin Epstein, Proofpoint’s vice president of advanced security and governance. “The only effective defense is a layered defense, a defense that acknowledges and plans for the fact that some threats will penetrate the perimeter.”

Photo Credit: Bankenverband – Bundesverband deutscher Banken via Compfight cc
