Tech Can't Stop These Threats — Your People Can TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20265 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyberattacks & Data BreachesCyber RiskCybersecurity OperationsCommentaryTech Can't Stop These Threats — Your People CanSecurity controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.A. Stryker,Director of Threat Analysis,Fable SecurityMay 11, 20268 Min ReadSource: LightField Studios, Inc. via Alamy Stock PhotoOPINIONI begin, as every strong article should, with a caveat: Technical security controls are critically important. Deploy them all — the SOAR playbooks, the SIEM log ingestions, the EDR clients — and use as many as you have budget and time and manpower to use. And, for the love of all that's secure, don't stop tuning them.However, those same technical controls can't stop a growing category of cyberattacks that are specifically engineered to evade or abuse real systems and trusted employees to do their dirty work.For these cases, your best (and sometimes only) defense isn't another dashboard or detection; it's an employee who knows what they're looking at and what they can do to stop it.A new report analyzing last quarter's human threat landscape found a total of 10 key cyber threats on track to outpace security control deployments.What struck me about these findings is not just how the attack worked, but how consistently the most effective countermeasure in each case came back to human behavior — not as a stopgap while better tech gets built, but as a genuinely irreplaceable compensating control.Related:ShinyHunters Claims Second Attack Against InstructureI pulled out four cyber trends that I thought were especially relevant in a quick retrospective, as security teams start to analyze exploited human behaviors and attack trends in the first quarter of 2026.BEC: The Social Engineering Attack Controls Can't Stop Business email compromise is, statistically, the most efficient attack in the modern threat landscape.According to the 2025 "Microsoft Digital Defense Report," BEC attacks represented just 2% of attempted attacks last year, yet accounted for 21% of all successful ones. To compare, ransomware made up only 16% of successful attacks—despite receiving substantially more attention and security investment.Why is BEC so effective? Because it's a pure social engineering attack. There's no malware to detect, no malicious link to block, no payload to sandbox.The attacker tricks an authorized employee into intentionally moving money as part of "normal" business processes, or even coaching them to bypass a technical security control for an "urgent" payment. They'll pretend to be an impatient internal executive or a well-meaning external vendor, each with legitimate-sounding urgency.No EDR flags known-good business processes. No email security gateway catches all attempts, since some come in as voice-phishing phone calls outside of the inbox. These technical controls are working exactly as designed: from their perspective, nothing unusual happened.Related:Instructure Breach Exposes Schools' Vendor DependenceThe human solution here isn't complicated, but it requires investment to actually work: make, train, and enforce policy adherence for out-of-band requests — and critically, don't punish employees who pump the brakes on a wire transfer request because it came from the CEO's email on a Friday afternoon.That pause is the control working. Treat it that way.Because when CrowdStrike's "2026 Global Threat Report" says that 83% of its incidents were caused by "malware-less" infections? We've got more attacks like this one coming.Shadow AI: The Data Violation No DLP Tool Sees Coming Shadow AI — where employees connect unauthorized generative AI tools to work systems — was one of last quarter's top risk drivers across Fable customer environments. Those findings are supported by a growing body of research quantifying the true risk of uncontrolled, unauthorized AI tools at work.One survey, for example, found 51% of employees had connected unauthorized AI tools to work systems, and almost a third of those employees had uploaded proprietary financial information to said unmonitored AI tool.For this cyber-risk, the technical control challenge is structural. Data loss prevention (DLP) tools are trained to evaluate what content is, not whether it's appropriate to share in a given context. They're notoriously hard to tune, with an average 47% false positive rate that makes security teams reluctant to act aggressively on alerts.Related:Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FAMeanwhile, the employee uploading a contract summary to an unsanctioned AI tool isn't doing it maliciously; they're trying to do their job faster and just don't know better. The human layer here can accomplish two things technical controls can't:Data sensitivity labeling — employees who understand what's sensitive, and can actually classify it, enable the downstream controls to work better.Understanding which tools are sanctioned and why isn't a compliance checkbox; it's the decision point that happens before any DLP alert ever fires.This risk becomes even more pronounced with agentic AI tools, where autonomous systems act on sensitive data and inherit a previous user's permissions. In the past several months, we've heard tons of terrifying stories about what happens when people drive AI agents without guardrails. Two of the worst I've seen lately include a coding agent (allegedly) causing 13-hour service interruptions in AWS, and threat actors hacking password managers because a browsing AI agent ingested a malicious prompt.And that's just some of the horror stories that made it to press. Ask a CISO, SOC lead, or auditor in a conference hallway, and you'll hear more and worse shadow AI governance issues whispered about. Those whispers will only grow louder until we teach our human employees what they're giving to their AI agent sidekicks:What sensitive data looks like contextualized per individual, not tossed over the fence like we expect Sam in Customer Service to know what "sensitive data" means for him versus Dave the Developer.What access do AI agents have, both individually and cumulatively across data sets and applications? Is it read only or edit permissions?Natural language tools will always have natural language vulnerabilities to some degree, no matter what technical controls promise. Your employees are the only patch that can address both.MFA Bypass with Voice Phishing: Expensive Tech, Simple Human FixIn January 2026, the ShinyHunters threat group demonstrated a bypass technique that compromised authentication apps and tokens across more than 100 organizations.Researchers publishing about these attacks prior to attacker attribution noted, “There is no substitute for enforcing phishing resistance for access to resources," going on to list Yubikeys, an identity access manager of some sort, or passwordless solutions.But these solutions often are prohibitively expensive or take time to roll out. ShinyHunters, and anyone who buys that phishing kit off the Dark Web, are tricking people right now.Thankfully, the human control costs almost nothing to teach and immediately protects everywhere, even when the solution is unavailable or still being deployed. No legitimate IT or security team member will ever ask an employee for a one-time password or authentication code. Full stop. If someone asks, over email, over the phone, over Slack, in a ticket, by singing telegram, that's the attack. The employee who knows that and refuses is a more reliable control than the authentication layer the attacker just bypassed.This attack — and more and more like it — aren't cases where training can be your fallback checkbox solution. In fact, for a meaningful portion of your user base, it's your primary defense.The Quantum Distraction and What Attackers are Actually DoingQuantum computing gets a lot of airtime in security conversations as an impending threat to encryption. Now, "Q-Day" is definitely a long-term concern. If you're in the middle of government contract renewals or otherwise store sensitive data that nation-state level spies want, you'll want to invest.However, quantum decryption is almost certainly not your most pressing problem right now.You know what is a problem right now? Previously leaked data. Last year, 85% of targeted usernames in data incidents appeared in previous credential leaks. Why would attackers bother with breaking encryption to access data, when they can just log in as "real" users with bought credentials off the Dark Web from that password leak three years ago?Look, quantum-resistant cryptography is a real investment category. But teaching employees to use a password manager correctly — randomized, long, unique, updated after a breach — is a cheaper, faster, and more immediately impactful control for the attacks actually happening at scale right now. Don't let the futuristic threat crowd out the mundane one.Ultimately, for Dark Web credential leaks, shadow AI, and other cyber-risks evading technical controls, your employees can't stay your organization's last line of defense. They're the only line that was ever in a position to stop them from the start.Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!Read more about:OpinionAbout the AuthorA. StrykerDirector of Threat Analysis, Fable SecurityA. Stryker is the Director of Threat Analysis at Fable Security, a human risk management platform. She specializes in analyzing the intersection of cyber threats and human risk, providing actionable intelligence on threat actor behaviors and social engineering.Stryker has spent over ten years translating technical research and qualitative intelligence into the "so what?" and "what now?" materials that keep more people safe and secure. She previously produced threat intelligence for financial services, cybersecurity vendors, and early-stage startups - including Ivanti, Blackpoint Cyber, and a major U.S. insurance company — and currently leads threat analysis at Fable Security. You can often find her playing tabletop exercise games after her talks at SecTor, DEF CON, and Bsides conferences around the United States. Stryker lives in Maryland, growing parsley for butterflies and algae for shrimp.See more from A. StrykerWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

A. Stryker of Fable Security argues that technical security controls, while important, are increasingly ineffective against attacks specifically designed to exploit human behavior. She highlights four key cyber threats poised to outpace security deployments – BEC (Business Email Compromise), shadow AI, MFA bypass through voice phishing, and quantum decryption – emphasizing that the most consistent and effective countermeasure in each case is a well-informed and vigilant employee. Stryker stresses that technical controls alone cannot stop these attacks, and that training, policy adherence, and a critical understanding of employee actions are essential. She points to data from CrowdStrike and Microsoft, as well as research from Fable Security and others, demonstrating that human error remains the dominant factor in successful cyberattacks. The core message is that organizations should prioritize cultivating an informed and resistant workforce as their primary defense against these increasingly sophisticated threats, advocating for employees to recognize and challenge suspicious requests, even if they appear legitimate. The author also recommends against relying solely on futuristic threats like quantum computing, prioritizing immediate mitigation strategies such as using password managers correctly.