Cyber security is about people just as much as it is about technology.
The attack groups that pose the biggest threat to cyber security are organized criminal gangs, followed by nation-states and then hacktivists.
Most attacks start with social engineering, which targets people to gain access to systems. Other attack group personas include the malicious insider, who is usually a disgruntled employee who has been wronged by their organization and seeks to retaliate by stealing information. Non-malicious insiders are employees who make mistakes due to being overworked or stressed. They often do not receive adequate training on how to use systems properly.
Supply chain attacks target smaller organizations as a way to pivot into the larger organizations they work with.
The human side of cybersecurity is just as important as the technology side. Cybercriminals increasingly target people, so organizations must put people more at the heart of their approach to cyber security. There are several main types of attackers: nation-states, financially motivated organized criminal gangs, hacking activists, and script kiddies.
Most issues come from a combination of an external attacker and an insider (malicious or non-malicious). Social media is powerful for spreading misinformation and disinformation because such content often reaches us through people we know and trust or through accounts that look like ones we favor.
When talking about cyber security, it's important to focus on what people can do to better protect themselves, rather than just the threat itself.
Cybersecurity threats are increasing and becoming more complex. Social engineering is a common technique used by hackers to exploit human bias. To effectively combat cyber threats, we must focus on empowering people with the knowledge of how to protect themselves.
Interesting video on the topic by The Humanity of Cybersecurity