The vast majority of data breaches start with social engineering - when people, not computers, are compromised. People clicking on phishing emails are the #1 cause of data breaches.
A simple little email. Maybe you got a notice from the IRS. Or someone wants to share a something with you in DropBox. Perhaps your account is about to be suspended, and you need to act now! People are curious and a little too trusting. It’s our basic human nature that makes people the weakest link inside any network.
Phishing is an attack on human nature -- at home, or at work -- even in big name brand names that you expect to be safe and protected. Home Depot, Sony, Hillary Clinton's presidential campaign, The Washington Post... Every one of these companies was breached with a phishing email that someone clicked on. And economic losses from data breaches are expected to top $2 trillion next year.
Companies try desperately to protect themselves, and collectively spend $1 billion every year training employees not to click on suspicious links. But, even with the current industry-leading training, 23% of people will continue to click on phishing emails... That's terrible!
It's why many computer security people often say, “You can’t patch the human.”
As a result, companies spend billions more to block and filter the internet from their employees. This is great for security, but terrible for productivity. I spent 10 years at Bank of America in this type of environment, where it took one to three days to get access to a new website, just to do my job. It was incredibly frustrating.
These two approaches, filtering and training, are our competition, and combined serve a $3 billion market, but they fail to meet the basic need of the customers.