Responses to the new threats

It became apparent in the industry that stopping the known attacks was not enough. Hackers were becoming increasingly successful at beating the security tools that relied on signatures to stop attacks. They were also targeting users rather than trying to breach the multiple layers of security, and they had come up with attack techniques such as DoS that were hard to stop. There were two responses to the new developments: cyber resilience and user training. Cyber resilience was adopted to keep business operations going during and after cyber attacks. The end goal of security changed from simply protecting the organization from attacks to ensuring that business functions would not be severely interrupted by attacks. Businesses paid more attention to having ready backups, alternative hot sites to take over operations during cyber attacks, and faster incident-response measures to ensure that organizations could mitigate and recover from attacks more quickly.

Secondly, organizations started paying more attention to training their users against cybersecurity threats. This was because employees had become easier targets for cyber criminals. Social engineering was becoming a more successful way of breaching many organizations. This has remained true for many years. Statistics provided in 2016 by the Anti-Phishing Working Group showed that, of all malware infections recorded, 95% were enabled by humans. The report showed that less than 5% of attacks are targeted at technical flaws in software. Most attacks are targeted at employees.

Therefore, organizations added employees to the cybersecurity chain and became more focused on teaching them about phishing and other common types of cybersecurity threats. The knowledge gained was intended to enable them to avoid falling into traps such as providing login credentials or clicking on malicious links.