The weakest link in any organization's cybersecurity chain is its employees. Hackers know this, and have increased social engineering-based attacks over the years. According to recent studies, about 17 percent of these attacks are successful, and the vast majority are through phishing emails. "To make the emails more effective, attackers may combine different methods: a single message may contain a malicious file and a link, which leads to a website containing multiple exploits and a password entry form," Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said in a press release. "Malicious attachments can be blocked by properly configured antivirus protection; however, there is no surefire way to prevent users from being tricked into divulging their password." Training remains the most effective way to prevent these types of attacks. "To reduce the risk of successful social engineering attacks, it is important to hold regular trainings and test how well each employee follows security principles in practice," Galloway said. "Whilst people are often the weakest link in your organization, businesses can benefit a lot by fostering a security-positive culture."