The 2022 Human Factor Report Explores a Year of Headline-Making Attacks
At the start of 2021, vaccine rollout let people imagine an end to pandemic disruption. But some of the world’s smartest cyber criminals weren’t interested in returning to business as normal. Over the first half of the year, a series of ransomware attacks on global infrastructure pushed cybersecurity to the top of the political and media agenda. That’s a position the topic still occupies as geopolitical tensions raise the possibility of state-directed cyber-attacks.
But while big targets and big ransoms made headlines, perennial threats like business email compromise (BEC) often carried the biggest costs. After a year like 2021, it’s worth noting that for most defenders, it’s the stress of hijacked invoices and financially motivated malware that fills their days, not state-sponsored attacks.
Key findings from this year’s Human Factor include:
- More than 20 million messages tried to deliver malware linked to eventual ransomware attack.
- Over 80% of businesses are attacked by a compromised supplier account in any given month.
- Attackers attempt over 100,000 telephone-oriented attacks every day.
- SMS-based phishing attempts doubled in the U.S. year over year.
- Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk in our data.