The Human Element
Mistakes and errors in judgment are a core part of the human experience; they are how we learn and grow. When it comes to security, however, they can play a significant role in cybersecurity breaches.
According to the IBM Cyber Security Intelligence Index report, human error is a major contributing cause in 95% of all breaches. It is safe to assume that most of that 95% is unintentional and stems from a range of causes: carelessly infecting a system with malware, failing to follow security protocols and policies, naively falling for a social-engineering trap, or simply taking the shortest and easiest path, such as choosing an easy password.
Based on Verizon’s 2021 Data Breach Investigations Report (DBIR), 61% of breaches are attributed to exploited credentials. Passwords with privileged access to an organization’s resources can cause a disastrous incident for the company and its customers. The DBIR indicates that “privilege abuse” was the cause of almost 80% of breaches.
A Google study in 2019 revealed that:
- 75% of Americans still struggle to choose and maintain passwords
- 24% have used simple passwords such as 111111, abc123, Password or 123456
- 59% of US adults have used a combination of their birthday or name in their passwords
NCCIC/US-CERT recommends choosing strong passwords and maintaining them securely; doing so helps reduce breaches.
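The Google figures above point at two concrete checks a password policy can enforce at account-creation time: reject the short, commonly used passwords the study lists, and reject passwords that embed the user's own name or birthday. The following is an added example (not code from the original post) of such a check. The common-password denylist is constructed for illustration and contains the four values quoted above plus two assumed extras; a real deployment would load a much larger list.

```python
import re
from datetime import date
from typing import List, Optional

# Constructed denylist for this example. The first four entries are the
# passwords quoted from the Google study; "qwerty" and "letmein" are assumed extras.
COMMON_PASSWORDS = {"111111", "abc123", "password", "123456", "qwerty", "letmein"}

# Assumed policy value for this example.
MIN_LENGTH = 12


def _birthday_forms(birthday: date) -> List[str]:
    """Common ways a birthday is written into a password (year, DDMM, MMDD, full dates).

    Forms shorter than four characters are dropped: a bare two-digit day or month
    would match almost any password that contains digits."""
    y, m, d = birthday.year, birthday.month, birthday.day
    forms = {
        f"{y}",
        f"{m:02d}{d:02d}", f"{d:02d}{m:02d}",
        f"{y}{m:02d}{d:02d}", f"{m:02d}{d:02d}{y}", f"{d:02d}{m:02d}{y}",
        f"{m:02d}{d:02d}{y % 100:02d}", f"{d:02d}{m:02d}{y % 100:02d}",
    }
    return sorted(f for f in forms if len(f) >= 4)


def check_password(password: str, name: str = "", birthday: Optional[date] = None) -> List[str]:
    """Return the list of policy violations for a candidate password; an empty list means it passed."""
    reasons: List[str] = []
    pw = password.lower()

    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    if pw in COMMON_PASSWORDS:
        reasons.append("is a commonly used password")

    # Strip trailing digits and symbols so that "Password1!" is still caught as "password".
    core = re.sub(r"[^a-z]+$", "", pw)
    if core != pw and core in COMMON_PASSWORDS:
        reasons.append("is a common password with characters appended")

    # Any part of the user's name (three or more letters) embedded in the password.
    for token in re.findall(r"[a-z]{3,}", name.lower()):
        if token in pw:
            reasons.append(f"contains the name '{token}'")
            break

    # Any common textual form of the user's birthday embedded in the password.
    if birthday is not None:
        for form in _birthday_forms(birthday):
            if form in pw:
                reasons.append(f"contains the birthday ({form})")
                break

    return reasons


def is_acceptable(password: str, name: str = "", birthday: Optional[date] = None) -> bool:
    """Convenience wrapper: True only when no policy violation was found."""
    return not check_password(password, name, birthday)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("123456", "Password1!", "JohnSmith1985!!", "correct-horse-battery-staple"):
        print(pw, "->", check_password(pw, name="John Smith", birthday=date(1985, 7, 4)) or "ok")
```

The name and birthday checks deliberately compare lower-cased substrings rather than whole strings, because the study's finding is about passwords that are built *from* those values, not passwords that equal them. The trailing-character strip is the minimum needed to catch the "append a digit and a symbol to a dictionary word" habit; it is not a substitute for a large breached-password list.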
In my personal experience, receiving phishing emails generally depends on the level of your digital exposure and footprint in modern society. I used to have Facebook and Instagram accounts, which contributed to receiving several emails and notifications daily. Other than limiting unnecessary social media presence, there are different ways to minimize the number of emails arriving in your inbox, such as third-party apps that can automatically opt you out of mailing lists, and blocking emails based on a whitelist/blacklist configuration. My email security settings usually won’t let many phishing emails into my inbox. Still, even if they arrive, I wouldn’t bother opening them, while my wife receives hundreds of emails daily.
To avoid spear phishing attacks:
- The security team should train employees.
- Implement security measures to prevent or minimize the number of phishing emails that reach inboxes.
- Stay updated through research and keep up with new threats and threat intelligence in your business field.
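The second measure above, blocking mail by sender allowlist and denylist, is simple in principle but has two details that decide whether it actually helps: which list wins when a sender matches both, and whether the filter classifies on the real address or on the display name. The following is an added example (not code from the original post) of a sender filter that handles both. The domains in ALLOW and DENY are constructed for illustration; a real policy would be loaded from configuration.

```python
from email.utils import parseaddr
from typing import Set

# Constructed policy for this example (assumed values, not from the original post).
ALLOW: Set[str] = {"example-corp.com", "partner.example"}      # trusted sender domains
DENY: Set[str] = {"bad-mailer.example", "spam-list.example"}   # known-unwanted sender domains


def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the actual address in a From: header.

    parseaddr() separates the display name from the address, so a header such as
    '"it@example-corp.com" <x@bad-mailer.example>' is classified by bad-mailer.example,
    not by the trusted-looking text in the display name."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def domain_matches(domain: str, entries: Set[str]) -> bool:
    """True when the domain equals a list entry or is a subdomain of one."""
    return any(domain == entry or domain.endswith("." + entry) for entry in entries)


def classify(from_header: str) -> str:
    """Return 'deliver', 'drop' or 'quarantine' for a message based on its From: header.

    Precedence: a missing or malformed address is quarantined; the denylist is
    checked before the allowlist so that a denied domain can never be delivered
    just because it also appears (or is nested) under an allowed one; anything
    unknown is quarantined for review rather than silently delivered."""
    domain = sender_domain(from_header)
    if not domain:
        return "quarantine"
    if domain_matches(domain, DENY):
        return "drop"
    if domain_matches(domain, ALLOW):
        return "deliver"
    return "quarantine"


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Alice <alice@example-corp.com>",
        "alerts@mail.example-corp.com",
        "mail@news.spam-list.example",
        '"it@example-corp.com" <x@bad-mailer.example>',
        "Unknown <someone@unknown.example>",
        "not an address",
    ]
    for header in samples:
        print(f"{classify(header):10s} {header}")
```

Note the default for unknown senders: quarantine rather than deliver. A denylist on its own only blocks senders you already know about, so a policy that delivers everything not on the denylist gives no protection against a new phishing domain; the allowlist is what lets known-good mail through while everything else waits for review.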