The nature of cyberattacks is changing. No longer are threat actors spending weeks probing network perimeters and trying to find a backdoor entry. Nor are they searching for unsecured and undersecured servers and network devices. Instead, threat actors today are overwhelmingly targeting the weakest link in the security apparatus: people. In fact, 95 percent of attacks in 2018 used email as the primary attack vector.
As cyberattacks increase in frequency and sophistication, customers feel forced to deploy an array of solutions in the hope that a best-ofbreed mindset will protect their network. Two of the most critical areas are email and web security. While the solutions that customers have deployed work well in their respective areas, the associated cost of operating and maintaining these solutions can be prohibitive.
Email- and web-based attacks are sophisticated, in that the attacker has spent time and effort to understand their victim and, in many cases, created custom ways to ensure that the user takes the call to action, resulting in compromise (credential theft, malicious download, wateringhole attack, etc.). The software, infrastructure, and skill set needed by cybercriminals to replicate and launch attacks at scale make the business of cyberattacks similar to that of Software-as-a-Service (SaaS) companies. The SaaS approach, as it has been adapted by cyberattackers, allows them to easily and continuously evolve their threats. In addition, attackers continue to improve their social engineering techniques to prey on people’s emotions, curiosity, and insecurities. In fact, 12 percent of users will open a malicious email, and 4 percent will always click a link in a malicious email.