Human error plays big role in cyber breaches

Hackers targeting companies and government agencies usually have help from an unexpected source: the organization’s employees.

Workers who click on trick emails unwittingly give cybercriminals access to their networks, allowing them to harvest legitimate credentials and burrow deep inside the system.

This process, known as “phishing,” played a role in more than two-thirds of the 290 electronic espionage cases cited by telecom firm Verizon in a report to be released Wednesday.

The 2015 Data Breach Investigations Report, a landmark study published annually, found that 11 percent of people who receive a “phishing” email will open the malicious attachment.

As a result, hackers can almost always find routes in to targeted networks by blanketing employee rosters with trick messages. All it takes is one false click by one individual to open the system to intruders.

Studying nearly 80,000 security incidents, Verizon found that each confirmed breach fit into one of nine types of attacks, including hits on Web applications or point-of-sale devices, or cyber espionage.

Phishing is frequent tool of attack for spies because it works well and draws less scrutiny than other methods, according to a separate report by security firm Symantec to be released Tuesday.

Hackers typically increase the sophistication of their approach once they are inside networks, the company said, noting the rise in intruders’ use of ransomware and file encryption within critical infrastructure targets.