Last year was the year attackers “went corporate” by changing their tactics to focus on businesses rather than consumers, exploiting middle management overload of information sharing, and trading off attack volume for sophistication. Human behavior, not simply system or software vulnerabilities, has significant implications on enterprise security.

“The Human Factor research validates the critical value of threat information—and provides insight into how, when and where attacks are taking place,” said Kevin Epstein, Proofpoint’s vice president of Advanced Security & Governance. “The only effective defense is a layered defense, a defense that acknowledges and plans for the fact that some threats will penetrate the perimeter. Someone always clicks, which means that threats will reach users. Proofpoint’s approach is effective because our systems can determine who those users are, where they are, and what’s happening in real time—and actively protect organizations with real-time automated threat response.”