The human attack surface, counting it all up

Humans have become the primary attack surface for cyber criminals.

Credit: Pelle Sten

As the world goes digital, humans have moved ahead of machines as the top target for hackers.

Ninety-one percent of attacks by cyber criminals start through email, according to email security provider Mimecast. These spear phishing attacks target humans, luring them to click on malicious URLs that place ransomware on their computers and phones.

The path of least resistance for black hats is the non-technical hack that relies on tricking humans into revealing their login credentials and passwords. With those in hand, cyber thieves proceed to steal personal identities and money.

How many humans are we talking about?

Microsoft estimates that by 2020, 4 billion people will be online, twice the number that are online now. The 500 largest U.S. corporations by revenues, which appear on the Fortune 500, employed 27 million people in total last year, about 17 percent of the nation's workforce. The world's 2,000 largest publicly traded companies, which appear on the Forbes Global 2000, account for approximately 87 million employees.

Employees at large corporations are especially attractive to hackers who are after personal identities, which can be sold in black markets on the dark web. Privileged users who oversee and have access to hundreds or thousands of user credentials are big game.

At the opposite end of the spectrum, it is estimated that by 2020 around 50 percent of the U.S. workforce will be self-employed, according to a Business.com article last year. These people are small business owners, independent contractors, and part-time freelancers.

Most small business employees do not receive any type of security awareness training from their employers. This makes them easy prey for hackers. Small businesses that don’t train their employees on security risks are susceptible to the Business Email Compromise (BEC) scam, which the FBI says has led to over $3 billion in losses.

In the U.S. there are more than 100 million workers, according to data published by the U.S. Census Bureau. Or, as far as hackers are concerned, 100 million sitting ducks.

Market researcher IDC predicts global wearable devices (e.g. smartwatches, electronic fitness trackers) will grow from a little over 76 million in 2015 to more than 173 million by 2019. A PC, laptop or smartphone is no longer required for humans to log in to cyberspace, where they can be hacked.

Spanish telecom provider Telefonica states that by 2020, 90 percent of cars will be online, compared with just 2 percent in 2012. That means most drivers will be online by 2020, regardless of whether they consider themselves to be 'online' or not.

Hundreds of thousands — and possibly millions — of people can be hacked now via their wirelessly connected and digitally monitored implantable medical devices — which include cardioverter defibrillators, pacemakers, deep brain neurostimulators, insulin pumps, ear tubes, and more.

By 2030 the human attack surface might equal the world's population, which is projected to reach 8.5 billion by then, up from 7 billion now. Sheesh, that's a lot of people who'll need to be trained on security.
