Your cybersecurity posture is only as strong as its weakest link. And in today’s people-centric threat landscape, that means your users. They are your greatest asset, your biggest risk and your last line of defence from threats.

That’s because attackers have shifted their focus from infrastructure to people. No matter how well you’re managing your IT infrastructure, you can’t patch your way out of these people-centered attacks.

Proofpoint customers’ end users reported nearly 9.2 million suspicious emails in 2019, an increase of 67% over 2018. In Q3 2019 alone, users alerted their security teams to thousands of serious threats, including:

• Nearly 20,000 credential-based phishing attacks
• More than 4,000 attacks with malware payloads, including high-severity remote access Trojans (RATs), backdoors and stealers

Attackers’ targets and methods are constantly evolving. Your Very Attacked People™ (VAPs)—those users facing the highest volume of attacks, the most advanced threats or most sophisticated tactics—aren’t always your VIPs.

For a better understanding of users’ cybersecurity awareness and habits, we surveyed users around the world to gauge two key aspects of user vulnerability: what they know (or don’t know) and what they do.

This report highlights user awareness and knowledge gaps that, if left unrectified, could hurt your cybersecurity posture. Based on those insights, we recommend specific action you can take to empower your people and build cyber resilience into your workforce.