DEFENSESTORM BLOG

The Human Side of Cybersecurity: Why Strengthening the Human Firewall Still Matters

Tuesday, October 7th, 2025


Year after year, the data tells the same story: people remain the prime target in cyberattacks. Now, with attackers using AI to clone voices and craft convincing scams, the human element has become both our greatest risk and our greatest opportunity. That’s why we’re revisiting the article “The Human Firewall: Strengthening the Weakest Link in Cybersecurity,” because the strongest defense in 2025 is still built on the collaboration of technology, culture, and leadership to strengthen the human firewall.


In 2023, DefenseStorm CEO Steve Soukup wrote the article “The Human Firewall: Strengthening the Weakest Link in Cybersecurity,” published in Cyber Defense Magazine, which called out a hard truth: human error was behind nearly 90–95% of data breaches. Fast forward to 2025, and guess what? Despite enormous investments in AI-driven defenses, the human element remains both our greatest risk and our greatest opportunity.

Today’s threat landscape looks different, but the root problem hasn’t changed. Attackers are using AI to create perfectly convincing phishing messages, clone voices, and impersonate executives in real time. And with the pace of work and constant distractions in hybrid and remote environments, it’s easier than ever for mistakes to happen.

Recent 2025 reports highlight the increasing sophistication and expense of human-targeted attacks:

  • IBM Cost of a Data Breach 2025 (Jul 30, 2025): Phishing was the #1 initial attack vector in 2025, and phishing breaches averaged about $4.8M each, which is among the costliest breach categories.
  • Mandiant M-Trends 2025 (Apr 23, 2025): In cloud compromises, email phishing was the initial vector in 39% of cases, while stolen credentials accounted for 35%.
  • Proofpoint – The Human Factor 2025, Vol. 1: Social Engineering (Apr 29, 2025): “Pure social engineering” was present in 25% of advanced persistent threat (APT) campaigns, while advanced-fee fraud schemes rose by nearly 50%, showing how attackers increasingly rely on people as entry points.
  • FBI IC3 Annual Report 2025 (Apr 23, 2025, covering 2024): Business Email Compromise (BEC) alone caused $2.77B in losses in 2024, contributing to a record $16.6B in overall internet-crime losses.

Types of human-targeted attacks on the rise:

  • Social engineering beyond phishing: 36% of incidents in 2025 started with social engineering, using tricks like fake prompts, impersonated helpdesks, or SEO poisoning.
  • Vishing, MFA fatigue & helpdesk scams: Attackers used voice phishing, flooded MFA prompts, or posed as tech support to gain access in major incidents.
  • Account takeovers (ATO): Still a prime threat in 2025, especially in travel and hospitality, often fueled by stolen or reused credentials.
  • Fake account creation: Spiked by over 360% year-over-year, giving attackers new ways to impersonate and infiltrate.
  • AI-driven social attacks: Criminals now use AI to write convincing phishing, clone voices, and run real-time scam interactions. (unit42.paloaltonetworks.com)
  • Malware-free intrusions: 79% of detections in 2025 were malware-free, showing a shift to stealthy, identity-based attacks.
  • Voice phishing in SaaS extortion: Groups like ShinyHunters used vishing to push fake Salesforce tools, then stole data and extorted victims.

While the numbers will inevitably shift year to year, the trend is clear: the human element remains the most targeted and costly vulnerability in cybersecurity. The takeaway from two years ago remains powerful: the best defense is not just smarter technology but more cyber-aware people, and it has to start from the top. What separates resilient organizations from vulnerable ones isn’t budget size; it’s a cyber-aware culture. Investing in continuous security awareness and training is one of the most effective, proactive defenses organizations can implement.

In 2025, your strongest defense is still human – empowered by technology, supported by leadership, and strengthened by continuous awareness.

Read the full 2023 article to learn powerful, actionable strategies to nurture a cyber-aware culture and, ultimately, strengthen your human firewall.

Read the full article in Cyber Defense Magazine here.

Excerpts from “The Human Firewall: Strengthening the Weakest Link in Cybersecurity” 

“Mistakes are made at ALL levels and across ALL departments due to insufficient cyber risk awareness training, distraction, burnout, or even complacency.”

“A joint study by Stanford University Professor Jeff Hancock and security firm Tessian found that a staggering 88% of data breaches result from employee mistakes. IBM Security’s research reports an even higher figure at 95%.”

“…internal Security Operations Center (SOC) tasks become redundant for individuals. Boredom fuels complacency, which in turn, spawns errors and oversights.”

DefenseStorm

DefenseStorm experts collaborate to share valuable insights, tips, trends, and resources about cyber risk management. Information sharing is a critical component of cyber risk readiness and considered a best practice to improve cyber risk awareness. As a leader in the industry, we strive to build a community of trust by providing the most current and important information that affects your financial institution.