The human layer continues to be the most enticing attack vector for cybercriminals. Sadly, most organizations continue to neglect this easily penetrable entry point. Throughout 2021, the world continued to see significant year-over-year increases in phishing attacks. No industry vertical, size of business or geography was immune. The human layer was under attack in both professional settings and personal settings. Cybercriminals do not discriminate when they consider victims, as carefully constructed attacks target humans both at work and play, day or night through various types of social engineering.
The FBI’s Internet Crime Complaint Center (IC3) continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Additionally, business email compromise incidents accounted for 19,954 complaints with an adjusted loss of nearly $2.4 billion. And these are just the reported incidents.
Industries are grappling with how they can better develop their human defense layer to detect, protect and report suspicious actions before it’s too late and their systems are compromised.
Most organizations turn first to technology as the means to combat cybercriminals, not taking into account that investing in human awareness and intervention is equally, if not more, critical. According to the Verizon 2022 Data Breach Investigations Report, 82% of all security incidents involve a human element, proving how susceptible humans can be.
Security leaders who continue to invest solely in sophisticated technology and security orchestration run the risk of overlooking a best practice proven to reduce their vulnerability: security awareness training coupled with frequent simulated social engineering testing. This approach not only helps raise the readiness level of humans to combat cybercrime, it also lays the critical foundation necessary to drive a strong security culture throughout an organization.
As the world finally begins to emerge from the grip of the COVID-19 pandemic, social engineering attacks continue to rise. Email, phone calls, texts, social media and other outreach methods all work together to evade an organization’s secure infrastructure as workforces and individuals remain more distracted and exposed than ever.