New TTP attack data covering 2023 sheds much needed light on the threat actor and user actions that are putting organizations at the most risk.
In cybersecurity vendor ReliaQuest’s Annual Cyber-Threat Report: 2024, there is a ton of great detail mapped to the MITRE ATT&CK Framework outlining which threat actions are used and how organizations are most effectively fighting back and stopping attacks.
According to the report:
- Phishing links or attachments were involved in 71% of all initial access phases of cyber attacks
- The top three MITRE ATT&CK techniques in attacks involved phishing or spear phishing
- Drive-by-compromise was used in 29% of attack
- QR code phishing saw a 51% increase in just one month – September – over the previous 8 months combined
It appears that there’s a ton of effort around attacks that involve targeting the user. So, just how well are your users responding?
According to ReliaQuest, sadly, in 29% of incidents, users helped to facilitate initial access. In other words, users aren’t exactly helping.
ReliaQuest has some recommendations to better secure users:
- Require employees verify transaction requests through an alternate means of communication
- Block newly-registered domains
- Monitor high-risk roles
- And educate employees through continual security awareness training
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.