A recent study by Proofpoint, entitled The Human Factor Report 2015, revealed a number of interesting points, such as the fact cybercriminals have started to concentrate on middle managers with malicious e-mails. Employees in sales, procurement and finance were the worst offenders for clicking on links in malicious messages.
Middle managers may have been targeted because they were more susceptible. “In 2014, managers effectively doubled their click rates compared to the previous year,” the report noted. “Additionally, managers and staff clicked on links in malicious messages two times more frequently than executives.”
It also suggested hackers were adapting their attacks more rapidly than users could learn how to counter them. “The use of social media invitation lures, which were the most popular and effective e-mail lures in 2013, decreased 94% in 2014,” the report noted. “E-mail lures that employ attachments rather than URLs, such as message notification and corporate financial alerts, increased significantly as a vector.”
On certain days in 2014, there was “a 1,000% increase in messages with malicious attachments over the normal volume”.
Proofpoint also found that, on average, users clicked one of every 25 malicious messages delivered. “No organisation observed was able to eliminate clicking on malicious links,” it warned.
There’s always one
A point echoed by Kevin Epstein, Proofpoint’s vice president of advanced security & governance. “Someone always clicks, which means that threats will reach users,” he said. Epstein argued a layered defence that acknowledged and planned for the fact some threats would penetrate the perimeter was the only effective approach.
Another method to reduce the risks of people clicking on malicious messages, though not one proposed by Epstein, might be to give everyone the morning off on Tuesdays and Thursdays.
While the report found, unsurprisingly, that the majority of malicious messages were delivered during business hours, it also elicited the fascinating fact that they peaked on Tuesday and Thursday mornings. The worst time was Tuesday, with 17% more clicks than for the other weekdays. Does this suggest people are less alert on those days? If so, that seems a bit surprising.
You might expect, for example, that people would be less observant on a Friday afternoon because their thoughts would already be turning to the weekend. Monday morning would also seem to be a good time to send malicious messages because people might be slightly befuddled if they are recovering from the weekend.
Then again, maybe more malicious messages are being delivered on Tuesdays because the hackers are struggling to get up to speed on a Monday morning after a wild weekend. Maybe the same goes for Thursdays too because they’re distracted by the forthcoming weekend to be productive on a Friday. Maybe The Human Factor applies to hackers too.
Subscribers 0
Fans 0
Followers 0
Followers