Strengthen Human Resilience During Cybersecurity Awareness Month—and All Year Long

Modern cyberattacks don't just exploit technology-they exploit people. While email remains the primary attack vector, cybercriminals are expanding their tactics and exploiting additional channels, like Microsoft Teams, Slack, Zoom, LinkedIn, and WhatsApp. This enables them to bypass traditional security and launch socially engineered attacks.

Once cybercriminals compromise an account, they work to deepen their foothold, avoid detection and set up further stages of their attack. This might mean data exfiltration, ransomware deployment, or financial theft.

Employees play a critical role in cybersecurity. According to Verizon's research, 90% of security incidents involve the human element. And in the Proofpoint 2024 State of the Phish report, we found that 96% of users who took risky actions did so knowingly. What's more, 99% of the organizations we monitor are regularly targeted for account takeovers.

When employees have the right security awareness education, they can serve as a strong line of defense for any organization. Now, let's explore the latest threats that they're up against.

Common threats

Strengthening awareness and human resilience is essential to defending against today's threats. Here are some of the most pervasive.

Phishing attacks beyond email

According to industry trends, cybercriminals are going beyond email to distribute malicious URL attacks across multiple digital channels, including collaboration and messaging tools, social media channels, cloud apps and file sharing services, and more. This makes it harder to detect and defend against phishing attacks.

While people might believe that they're engaging with a trusted entity on these platforms, they may be interacting with a threat actor unknowingly. That's why it's important to teach them about new attack vectors and social engineering tactics-it ensures that they can protect themselves and your organization.

Supplier fraud

Multistage attacks often involve attackers impersonating suppliers or third-party vendors. They use trusted business relationships to manipulate employees and bypass traditional security measures. In short, supply chain and partner ecosystems have become another threat vector from which attackers are launching business email compromise (BEC), phishing, and other attacks.

Impersonation risk

Threat actors often exploit people's trust by impersonating individuals or brands on various channels. Doing so increases the likelihood that their fraud attempts will be successful.

Attacks that use compromised accounts for business email compromise (BEC) are growing. With BEC attacks, cybercriminals impersonate executives or employees to get fraudulent transactions authorized. In fact, according to Proofpoint's Human Factor 2025, Vol. 1, advanced fee fraud (AFF) threats increased by 47% over the last 12 months.

Account takeovers

Attackers often exploit weak credentials, phishing, or social engineering to gain control of user and supplier accounts. Account takeover attacks can lead to unauthorized access to sensitive data, financial loss, and reputational damage.

Takeaway: People's actions are the best safeguards

It's up to each person to stop, think, and act. That's why security awareness education is an essential part of helping your employees understand how to recognize threats and apply their knowledge to real-world situations. Here are four tips for staying safe from today's attacks:

1. Be aware of multichannel threats. Keep in mind that cybercriminals may target you across multiple digital channels, including social media, email, and text messages. Phishing attempts can appear on any platform.
2. Verify third-party communications. If you receive requests from suppliers or vendors that seem unusual-like changes to payment details or urgent demands-double-check with your contacts before taking any action to avoid supplier fraud.
3. Guard against BEC threats. If you receive emails asking for sensitive actions, like transferring funds or accessing confidential data, confirm the request via another communication method. This will ensure that you avoid falling for threats that rely on impersonation, like BEC.
4. Monitor your online behaviors. If you notice any suspicious activity, or if something feels off about a message or interaction, report it immediately. Being proactive can stop potential threats before they escalate.

Next step: Get the Proofpoint Cybersecurity Awareness Kit now

Every October is Cybersecurity Awareness Month-an important time to empower users to protect themselves and their organization against today's threats. 

To help your efforts, Proofpoint has carefully curated a free 2025 Cybersecurity Awareness Kit. It covers some best practices for identifying how cybercriminals are targeting users across email and other digital channels. Plus, users learn about how multistage attacks work and the impact of account compromise. The kit can be used throughout October-or to boost your program any time of the year. Download the free Proofpoint Cybersecurity Awareness Kit.

Learn more about Proofpoint Prime

At Proofpoint, we recognize that technology alone cannot solve today's security challenges. People need to know how to protect themselves and their organization, too.

Our comprehensive Prime Threat Protection solution not only strengthens your security posture when implemented effectively, it also integrates security education that drives meaningful behavior change within your workforce.

Learn more about how we combine world-class threat protection with security education-and how organizations are using Proofpoint to reduce their risk, build resilience, and ultimately protect their people and data.