The human factor remains a major cause of cyber incidents. KnowBe4 sees a sharp increase in attacks where human action, whether conscious or unconscious, is the root cause.
More and more organizations are affected by cyber attacks in which employees play a crucial role. In the past year, the number of cyber incidents caused by human actions increased by 90 percent. This is according to global research by KnowBe4 among 700 cybersecurity leaders and 3,500 employees.
Phishing is spreading across multiple channels
Email remains the primary attack vector: 64 percent of organizations report incidents via this channel. In addition, 57 percent saw an increase in the number of email attacks. In 59 percent of cases, phishing led to account takeovers.
It is striking that cybercriminals are no longer limited to email. 39 percent of organizations reported successful attacks via messaging platforms such as Microsoft Teams and Slack. Social media (36 percent) and smishing via SMS messages (31 percent) are also being used more frequently. This development leads to a situation in which employees can be targeted on multiple digital channels simultaneously.
Human errors and internal threats remain persistent
In addition to external attacks, internal threats also cause serious security problems. 36 percent of the cybersecurity leaders surveyed indicated that employees intentionally caused incidents. Timely action could only be taken in six percent of those cases. In 43 percent of cases, it involved leaking or selling data to competitors.
At the same time, human errors pose a structural risk. 90 percent of organizations experienced incidents such as incorrectly sent emails or the sharing of sensitive information via collaboration platforms.
The research also shows a gap between policy and perception. Less than a third of employees feel responsible for the security of company data. Almost half do not consider the data they work with to be the property of the organization.
Only 16 percent of organizations have a human risk program. Virtually all cybersecurity leaders (97 percent) indicate that they need more resources to address human risks.