Securing The Human Layer 2025: Rethinking cyber security in an era of human-centric threats.
Uncover the hidden human risks shaping today’s biggest cyber threats — and how to stop them.
Get early access now 👇
&w=64&q=100){kind=small}
)
Modern threats evade traditional defences
Legacy tools defend infrastructure. Attackers now target people.
From poisoned SaaS invites and AI-generated voice phishing, to reused passwords and unmonitored third-party access, modern breaches increasingly start with human behaviour — not code.
The attacker doesn’t break in. They log in.
They exploit decision-making, not vulnerabilities.
They operate in the blind spots of your EDR, firewall, and awareness program.
This whitepaper breaks down why modern threats evade traditional defences — and introduces a new model of behavioural detection and real-time intervention built for the modern threat landscape.
Breaches that prove a point
What do they have in common?
Traditional tools were in place.
The attackers didn’t break them — they bypassed them through people.
Uber (2022)
Attacker gained access via WhatsApp + MFA fatigue
MGM Resorts (2023)
Voice phishing led to MFA reset, causing $100M in damages
Snowflake (2024)
Contractor credentials reused, no MFA, 165 customers exposed
UnitedHealth (2024)
One compromised identity → $872M in impact
WPP (2024)
CEO deepfaked in a live Teams meeting
Uber (2022)
Attacker gained access via WhatsApp + MFA fatigue
MGM Resorts (2023)
Voice phishing led to MFA reset, causing $100M in damages
Snowflake (2024)
Contractor credentials reused, no MFA, 165 customers exposed
UnitedHealth (2024)
One compromised identity → $872M in impact
WPP (2024)
CEO deepfaked in a live Teams meeting
The solution: A new model for the human layer
Detect behaviour, not just breaches
Leverage telemetry to identify risky patterns — not isolated events — across identity, SaaS, browsers, and messaging platforms.
Prioritise intent, not symptoms
Cut through the noise by understanding why behaviours happen — so you know who needs help and where action matters most.
Defend in real time, not late
Nudge, block or redact risky actions as they happen — from password resets to GenAI misuse — without burdening your SOC with overload.
What you will learn
The 5 most common patterns in modern human-centric attacks
Why MFA, EDR, and awareness fail to stop identity-based compromise
Real-world breakdowns of voice phishing, SaaS poisoning, and social engineering
How to surface the human blind spots in your security infrastructure
A blueprint for behaviour-based detection and user-driven intervention
How to reduce risk without overwhelming your SOC
of successful breaches involved the human layer
used some form of social engineering
in breach damages connected to behavioural compromise
Research conducted by
Oliver Simonnet, Lead Cyber Security Researcher
Oliver Simonnet is the Lead Cyber security Researcher at CultureAI, specialising in the human layer of cyber security. With nearly a decade of experience, he has held positions including Principal Security Consultant, Global Head of Application Security, and SWIFT System Security SME. His expertise spans various fields including attack path mapping, application security, reverse engineering, exploit development, payment system security, and human risk management.
Ready to close the human blind spot?
Get the full whitepaper and start securing the most exploited attack surface of the modern era: the human layer.