Study pinpoints dire state of European cyberthreats
Cyber security awareness provider SoSafe’s ‘Human Risk Review 2022’ survey shows an ever-worsening cyberthreat situation. According to the survey, one in three organisations (35%) has experienced a successful cyberattack in the past year. Furthermore, nine out of 10 (90%) cyber security experts confirmed this deteriorating situation.
"With the Human Risk Review, we want to provide insights into current trends and developments in the European cyber threat landscape. Our goal is to further raise awareness of this topic – especially for the 'human factor' in information security," says Dr Niklas Hellemann, managing director of SoSafe.
Other sources also verify that this is important: a survey by Allianz Insurance shows that cyber incidents are the number one business risk worldwide. At the RSA Conference 2021, Cisco CEO Chuck Robbins spoke of $6 trillion in damages per year. The interface between man and machine remains the number one entry point – more than 85% of all attacks start with the human factor.
THE 'HUMAN FIREWALL'
While cybercriminals are becoming increasingly professionalised, the defending side must also position itself accordingly. "Employees need more than security guidelines. Employees can be activated as a 'human firewall' to sustainably reduce the security risk. To achieve this, a security culture must be established in companies that involves people and supports them in identifying cyberthreats and behaving safely," says Hellemann, a qualified psychologist.
Phishing and social engineering remain perennial issues. Attacks evolve continuously and are adapted based on current political or social situations, such as in the war of aggression in Ukraine: "Within a very short time, social engineering attacks were circulating, exploiting people's willingness to help Ukraine," he adds. SoSafe's data shows that these tactics work: almost half of all users (45%) open phishing emails. Of those, nearly one in three (30%) click on links, attachments or other malicious content contained within.
A steady trend can be seen when differentiating between groups of people: as in 2021, men click on phishing emails more often (29%) than women (20%), and younger people more often (18-49 years; 29%) than older people (over 50; 19%). 58% of users who clicked also interact with the content and, for example, enter personal data in fake login screens. This means that the opening, click and interaction rates for phishing emails remain at a high level. Compared to the previous year, they have risen even further.
The Human Risk Review helps with this, claims Hellemann. “It gives security managers recommendations for action to strengthen the security culture in companies holistically and sustainably. With the help of SoSafe's ‘Behavioral Security Model’, organisations can significantly and effectively minimise human risks, based on psychological approaches. SoSafe's data shows that systematic awareness measures reduce risks by up to 90%.”
HYBRID WORK MODELS STILL POSE CHALLENGE
Three out of four respondents (75%) say that remote work and hybrid work models have exacerbated the attack situation. This is not surprising, states SoSafe, as hybrid working models have brought with them new communication channels that open up additional entry routes for cyberattacks on companies. “They continue to rely increasingly on social engineering, because people can always be attacked with one common tactic: emotional manipulation.” Psychologically based approaches thus significantly and effectively help to minimise human risks in an organisation. “Therefore, 99% of respondents want to strengthen their organisation's own security culture in the coming year.”