Modern Cyber-Criminals Don't Hack in - They Log in

We may be almost three-quarters of the way through 2021, but the events of 2020 will continue to echo around the cybersecurity space for some time yet.

Cyber-criminals, galvanised by widespread disruption and remote teams, upped their efforts, hitting organisations with an arsenal of threats new and old. But whatever the tactic, most attacks shared a common trait — they were squarely targeted at people rather than infrastructure.

Ransomware attacks increased significantly last year, with email still commonly used as the point of entry. Meanwhile, another people-focused threat, credential phishing, was the most common type of attack, accounting for two-thirds of all malicious messages. Increasingly elaborate business email compromise (BEC) campaigns also emerged on the threat landscape.

There were new pretenders too. For example, steganography, the technique of hiding malicious payloads in pictures and audio files, was also wildly successful.

With so many common threats requiring human interaction, the modern cyber-criminal no longer needs to hack into an organisation. Much of the time, once they’ve gained access to the data th