Cybercriminals are increasingly turning to social engineering to enter a corporate network, as they know that humans are the weak link in any company’s security plan, according to a report from security firm Positive Technologies. The firm studied its 10 largest pen testing projects performed for clients in 2016 and 2017. These tests included 3,332 emails sent to employees with links to websites, password entry forms, and attachments, mimicking the work of hackers.
If these emailed “attacks” had been real, 17% of the messages would have led to the compromise of an employee’s workstation, giving the hacker a foothold into the entire corporate infrastructure, the report found. According to the report, phishing was the most effective form of social engineering attack: 27% of recipients clicked the phishing link, which led to a fake website.
Read more about the findings of the new report by Positive Technologies on TechRepublic.