Cybercriminals can gain access to a digital environment in a variety of ways. As technical security controls continue to make “hacking in” increasingly difficult, cybercriminals look for less resilient targets: the human layer. As the human layer continues to be the most enticing attack vector, criminals are showing their willingness to search for any weakness, targeting employees in both professional and personal settings. Sadly, most organizations continue to focus on technology-based security layers while ignoring the human layer. Additionally, most humans remain vulnerable because they don’t take precautions in their personal lives to prevent being compromised.
Cyber threats continue to grow as criminals rely on the tried and tested attack methods while developing new, more sophisticated ways to infiltrate digital environments and minimize the effectiveness of your human defense layer. To best defend your organization from a cyber attack, employees must have the knowledge, adapted habits and behaviors necessary to drive a culture of security. Training needs to be transformed into something more developed, consistent and instinctive.
We continue to see significant year-over-year increases in phishing attacks across all geographies, industry verticals and organization sizes. Cybercriminals do not discriminate when they consider victims, as carefully constructed attacks target humans both at work and play, day or night through various types of social engineering. Cybercriminals will continue to exploit humans as they determine their next intrusion strategy. As we continue to deal with socioeconomic and health issues globally, we also need to contend with advancements in Artificial Intelligence strengthening a cybercriminals arsenal.
The FBI’s 2022 Internet Crime Complaint Center (IC3), continued to receive a record number of complaints from the American public: 800,944 reported complaints (2,175+ daily), which was a 5% increase from 2021, with potential losses exceeding $10.3 billion. Additionally, business email compromise incidents accounted for 21,832 complaints with an adjusted loss of nearly $2.7 billion. And these are just the reported incidents. Investment scams and ransomware attacks on critical infrastructures proved to be the most lucrative scams. Industries are grappling with how they can better develop their human defense layer to detect, protect and report suspicious actions before it’s too late.