Cybercriminals now focus on exploiting employee behaviour; report
SANS Institute discovered that end-users are now the source of most breaches
Cybercriminals have changed their strategies from attacking technical vulnerabilities to now exploiting user behaviour, according to SANS Institute.
In its recent survey, ‘SANS 2017 Endpoint Risks and Protections', it discovered that browser-based attacks and social engineering are now the two most powerful techniques targeting organisations and where both techniques prey upon users as their initial point of entry.
According to the survey, 53% of respondents have knowledge of impactful compromises starting at their endpoints in the past 24 months, however 37% are unaware if they have been compromised during that timeframe.
Of the 53% of significant breaches that respondents knew about, just 48% were detected through endpoint detection and response (EDR) solutions. The remainder of detections were not directly from endpoint solutions, and included such sources as log analysis, security information and event management (SIEM) system alerts, cloud-based monitoring, and even third-party notification.
While users represent the top target leveraged by attackers, vulnerabilities such as misconfigurations or software flaws were also commonly leveraged in attacks against the endpoints, ranking as the third most common source of significant compromise, according to survey respondents.
Such vulnerabilities have been responsible for a number of large-scale attacks including the very recent and infamous WannaCry which is considered to be the most successful ransomware campaign to date.
Ned Baltagi, managing director, Middle East & Africa at SANS, said: "Cyber criminals are going after the weakest link- the employee. Unfortunately for organisations, this means that even after they have invested heavily in IT security technologies, poor security awareness among employees can still result in their systems being breached,
"Social exploits are becoming more sophisticated than ever before and even employees with the best intentions, can severely compromise the cyber security of their organisations."