Social Engineering: The Most Common Cyber Weakness

Despite advancements in cybersecurity scanning and monitoring technologies, social engineering remains the main threat to businesses and a popular method for cybercriminals to gain unauthorised access. Here are some statistics on social engineering and its impact on cybercrime:

  • A staggering 98% of cyberattacks involve some form of social engineering (Source)
  • Approximately 74% of data breaches involve human error (Source)
  • Employees at small businesses face 350% more social engineering attacks (Source)
  • In 2022, business email compromise (BEC), a form of social engineering, resulted in global losses exceeding $2.4 billion (Source)

What Is Social Engineering?

Social engineering is the art of manipulating individuals into performing actions or divulging confidential information. It's a deception technique that exploits human error rather than software vulnerabilities. Common examples include phishing emails, where attackers pose as trusted entities; pretexting, where attackers create a fabricated scenario to gain information or set the stage for future attacks; and baiting scenarios, which promise the victim something in exchange for private data.

Tactics Employed by Hackers

Cybercriminals leverage various tactics within social engineering:

  • Emotional Manipulation: Utilising urgency, fear, and familiarity, attackers coerce victims into hurried decisions, often leading to poor judgment.
  • Utilisation of Breached Data: Attackers might use previously breached data to lend credibility to their deception. For instance, a hacker could impersonate an employee in a call to IT support, requesting a password reset and providing accurate personal details of another employee obtained from a previous breach.

Why Social Engineering Succeeds

The personalised nature of social engineering attacks makes them extraordinarily effective. These attacks are tailored to exploit the specific vulnerabilities of the target, making the fraud difficult to detect. The integration of AI technologies allows cybercriminals to clone writing styles and speech patterns, making impersonations incredibly accurate and difficult to question. In addition, the relative ease of executing these attacks combined with the low emphasis on cybersecurity education in many organisations leads to a high success rate for these types of attacks.

How Are These Attacks Conducted?

Hackers often employ a multi-channel approach to orchestrate their attacks, leveraging emails, SMS messages and even deepfake videos or phone calls. This diversification makes defending against them more challenging, since the point of attack can vary widely.

Protecting Against Social Engineering

The best defence against social engineering is continuous vigilance and comprehensive cybersecurity education. Employees should be trained to recognise the signs of social engineering:

  • Pressure Tactics: Communications urging immediate action or decisions should be viewed with suspicion.
  • Anomaly in Requests: Unexpected requests, especially from unusual sources, should be verified through direct communication channels.
  • Verification of Requests: Confirm the legitimacy of suspicious requests by contacting the supposed source via a known and secure method.
  • Recognising Red Flags: Typical red flags include unexpected requests for password resets, unusual purchases, unexpected invoices, urgent bank transfers or access changes to systems or networks.
  • Encouraging Scepticism: Scepticism can help employees detect many social engineering attempts, but verification is crucial. Employees should use direct communication to ensure the authenticity of requests.

How DynaRisk Supports Businesses Against Social Engineering

Our Breach Defence platform provides an all-in-one cybersecurity tool for businesses, including passive scans, dark web monitoring, and customised employee training. Additionally, our phishing simulation tool is designed to reinforce employees' ability to identify and respond to security threats.

Find out more about Breach Defence, or get in touch with our team to find out how our suite of software and services can help to protect your commercial customers.
