The Biggest Threat in Cyber Security? You and Me.

There’s been a lot of talk in recent months about the coming robot apocalypse. I don’t mean the rise of Terminators in Arnold Schwarzenegger’s likeness, but rather of the inevitable point when white-collar professionals are made obsolete by machines. Sure, that may sound alarming at first, but at least you can take solace in the fact that there’s a silver lining — well, at least when it comes to one particular part of the modern workplace called email.

That’s because when the machines take over besides getting greater efficiency and increased performance, we’ll also finally be able to plug what’s currently the greatest cyber security threat: folks like you and me.

If you’ve seen the 2015 Verizon Data Breach Investigations Report, you know that we humans are real suckers when it comes to opening phishing e-mails. You know, the random ones that are being sent to you in the hopes that you click on the tainted links they contain. In fact, according to the latest edition of the report, which was released last month, phishing was by far the most popular and effective form of cyber attack in 2014.

Apparently nothing beats a good old email scam.

But today’s phishing attacks are actually less likely to be focused on getting your bank account details and more likely to be the precursor of a wider attack. Specifically, the people perpetrating today’s attacks often simply want to access your computer in order to launch further attacks. And, interestingly, according to the report the vast majority of attackers are actually governments. Well to be accurate, back in 2013 95 percent of phishing attacks were attributed to “state sponsored actors.”

Over the coming weeks, we’ll be publishing a handful of posts that offer up some of the highlights (lowlights?) of what is a terrific report and a great read. Of course, we recommend you read the whole thing yourself — it’s entertaining and educational, albeit slightly depressing — but in case you don’t have time to pour over its 70 pages, we’ll share some of the most interesting take aways with you.

For example, here are a few of the more sobering findings on the topic of phishing attacks:

  • 23 percent of recipients open phishing emails. That’s almost a quarter of us!
  • Shockingly, 11 percent of those who open the emails go on to click on their attachments.
  • In a recent test, the median time between when a batch of phishing emails was sent out and people opened them and clicked on the links they contained was just one minute and 22 seconds.
  • Of those who did open the emails, 50 percent did so within an hour.

Translation: today’s hackers are hugely effective at using e-mail to launch their cyber attacks.

For me, perhaps the most glaring point in all of this is the poor quality of the email systems people are using when they receive, open and click on the links these emails contain. The report doesn’t name names but it would be interesting to know which email systems are most egregious when it comes to letting these phishing attacks through.

Speaking personally, it’s been years since I’ve seen a phishing email in my inbox. Google takes care of that for my personal email and Microsoft does a decent job for work emails. Given my own experiences, it’s amazing to me that so many phishing emails make it through so that people can open them in the first place. But they are, so maybe it is time for machines to relieve us of this responsibility.

For a data-driven guy like me, Verizon’s report is a lot of fun to read and discuss. My colleagues and I will keep sharing interesting findings over the next few weeks. Hopefully they won’t be too depressing!