More than 99pc of cyberattacks need humans to click, Proofpoint says

10 Sep 2019

New research highlights that most cybercriminals target people, not systems, when orchestrating attacks.

The origins of some of the most devastating cyberattacks are startlingly banal. In fact, the latest research from cybersecurity company Proofpoint has found that more than 99pc of cyberattacks require human interaction to succeed.

Far from creating complicated Trojans to worm through the defences of the most advanced systems, getting users to click a fraudulent email or nefarious attachment is often the tool of choice for cybercriminals.

The Human Factor 2019 report examines the practices of threat actors based on an 18-month analysis of data collected across Proofpoint’s global customer base.

“Instead of attacking computer systems and infrastructure, threat actors focused on people, their roles within an organisation, the data to which they had access and their likelihood to ‘click here’,” the report explains.

Less than 1pc of cyberattacks, the research team explains, exploit system vulnerabilities. Whether in attacks at massive scale or in targeted campaigns that rely on harvested information about prospective victims, human beings were consistently found to be “the most effective vectors to infiltrate organisations and facilitate fraud and theft”.

Individual users are the ‘last line of defence’

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice-president of threat operations for Proofpoint.

“More than 99pc of cyberattacks rely on human interaction to work — making individual users the last line of defence. To significantly reduce risk, organisations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defences that provide visibility into their most attacked users.”

The research also found that nearly one in four phishing emails sent in 2018 were associated with Microsoft products, although 2019 has seen a shift towards cloud storage, DocuSign and Microsoft cloud services.

Attackers also don’t necessarily target traditional ‘VIPs’ within an organisation, the research found. Instead, the ‘very attacked people’ are often those who are easily discoverable via online search.

Phishing messages often successfully emulate the email traffic patterns of an organisation. Less than 5pc of emails are sent on weekends and the largest portion, more than 30pc, are sent on a Monday.

Most fraudulent email subject lines will concern ‘payment’ of some kind or will often be marked as ‘urgent’.

Proofpoint recommends, among other things, that enterprises develop a people-centred security protocol and advises that organisations train users to spot and report malicious email. You can read the report in full here.

Eva Short was a journalist at Silicon Republic