Thursday 29th May 2025
Report Summary:
Despite advanced technical defenses, recent cyber-attacks show that human error remains the easiest way in. Attackers exploit people using low-tech but effective methods like MFA fatigue (bombarding users with login prompts), phishing, and SIM swapping. Often, they target third-party vendors with access to core systems.
These tactics persist because human nature hasn’t changed—people are busy, distracted, and trusting. While companies invest heavily in tech, a single phone call can still bypass it all.
Read on to find out more.
____________________________
Picture a major company armed with state-of-the-art defences, undone because one person was tricked by a phone call or worn down by endless login prompts. This is not hypothetical; it is likely what happened in a string of recent high-profile cyber-attacks. Threat actors do not need to crack systems when they can simply crack people. In each case, the attackers found the path of least resistance:
A Human Target
The playbook was low-tech yet devastatingly effective. Attackers bombard staff with fake multi-factor authentication pop-ups until someone finally hits “approve” to make it “just go away” (the MFA fatigue technique). They send convincing phishing messages that fool employees into handing over credentials. Some even pull off SIM swapping to hijack phone lines and intercept one-time passcodes. And they do not always target the company itself; often they hit an individual at a third-party provider who has trusted access to the real target’s network. Why batter down the front door when you can trick a person into opening a side window?
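For defenders, the MFA fatigue pattern described above leaves a recognisable trace in authentication logs: a burst of denied or timed-out push prompts for one user, sometimes ending in an approval. The sketch below is an added example, not part of the original report; the log format, the threshold of five prompts and the ten-minute window are assumptions to tune against your own MFA provider's data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real data): ISO time, user, prompt result.
SAMPLE_LOG = """\
2025-05-29T09:00:05 alice approved
2025-05-29T02:10:00 bob denied
2025-05-29T02:10:40 bob timeout
2025-05-29T02:11:15 bob denied
2025-05-29T02:12:02 bob timeout
2025-05-29T02:12:50 bob denied
2025-05-29T02:13:30 bob approved
2025-05-29T11:00:00 carol denied
2025-05-29T15:30:00 carol approved
"""

def parse(log):
    """Turn 'time user result' lines into time-sorted (time, user, result) tuples."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, user, result = line.split()
            events.append((datetime.fromisoformat(ts), user, result))
    return sorted(events)

def find_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Map user -> "burst" (>= threshold unapproved prompts within window) or
    "burst_then_approved" (an approval arrived while that burst was in window)."""
    recent = defaultdict(deque)   # user -> times of recent unapproved prompts
    alerts = {}
    for when, user, result in events:
        q = recent[user]
        while q and when - q[0] > window:   # forget prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(when)
            if len(q) >= threshold:
                alerts.setdefault(user, "burst")
        elif result == "approved":
            if len(q) >= threshold:
                alerts[user] = "burst_then_approved"  # likely fatigue approval
            q.clear()
    return alerts

if __name__ == "__main__":
    print(find_push_fatigue(parse(SAMPLE_LOG)))
```

A "burst_then_approved" result is the case to treat as a probable account takeover: revoke the session, reset the credential and contact the user through a separate channel.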
Old School Cons
It’s 2025 and these old-school cons still work, and we should not be surprised. Human nature has not changed: people are busy, overloaded, and prone to trust. A cleverly timed fake alert can slip past even a diligent employee on a hectic day. Meanwhile, organisations pour resources into firewalls and security technology, yet one phone call to an unwitting support contractor can undermine it all. Every company’s security chain is only as strong as its weakest link – and attackers know it.
So how do we respond to this uncomfortable reality? First, accept it: no technology can eliminate human fallibility.
There is No Silver Bullet
That means doubling down on the human side of security. Train and test your people regularly: run realistic phishing drills, simulate social engineering attacks, and make security awareness second nature. Push for more phishing-resistant authentication (like physical security keys or smarter MFA prompts) that is harder to fool.
Do Not Use SMS
Just as importantly, scrutinise your supply chain: ensure your vendors and support partners uphold strict security practices. If a third party manages critical systems for you, make sure they are just as vigilant as you are.
Wake up and Smell The Coffee
None of this is easy, but the alternative is to remain a sitting duck. The recent breaches are a loud wake-up call (the UK’s NCSC even dubbed them “a wake-up call to all organisations”) that we must take the human element as seriously as any technical threat.
The good news is you do not have to go it alone. Engaging experts to pressure-test your defences and strengthen weak points can make all the difference. Bytes Software Services can assist on this front – from conducting realistic penetration tests and incident response drills to providing virtual CISO guidance and comprehensive security assessments (assurance and compliance).
Our goal is not to assign blame, but to help organisations shore up their human and process defences before attackers find the gaps. We either address the human vulnerability now, or we will keep seeing the same old tricks cause brand-new disasters.
References:
https://www.ncsc.gov.uk/blog-post/cyber-threat-behind-the-headlines
______________________________
Would you like to discuss any of the topics covered? Reach out to your dedicated Bytes Account Manager, or email tellmemore@bytes.co.uk.