Social engineering attacks pose a significant threat to businesses and individuals alike. They manipulate emotions instead of targeting technical vulnerabilities. These sophisticated attacks can lead anyone to reveal sensitive data, unknowingly help cybercriminals bypass security measures, or install malware.
Cybercriminals often impersonate trusted entities, such as IT support staff, employees of reputable companies, or personal acquaintances. They use tactics like phishing and vishing to deceive their targets into compromising security. While no one is fully immune to social engineering attacks, awareness and proper security measures can significantly mitigate the risks.
“Social engineering is the art of manipulation, not hacking,” says Andrius Buinovskis, a cybersecurity expert at NordLayer. “Attackers exploit human psychology, using personalized approaches that resonate emotionally with their targets. This makes social engineering a highly insidious threat that can bypass even the most sophisticated technical defenses.”
Cybercriminals target data instead of seeking direct financial gain
An IBM report from this year reveals that cybercriminals are shifting their tactics, moving away from traditional system hacking towards the use of valid credentials to gain unauthorized access to computer systems. There has been a 71% increase in attacks using valid credentials, highlighting the effectiveness of social engineering in bypassing traditional security measures.
In 2023, phishing and attacks involving stolen or compromised credentials emerged as the dominant social engineering methods, accounting for 91% of all attacks. In 85% of instances, the cybercriminals' motive is to access sensitive data; in only 15% of cases do they seek direct financial gain.
Organizations across all sectors are at risk, with 43% of successful attacks on businesses using social engineering techniques. Additionally, there has been a 266% rise in the use of infostealers, tools designed to harvest user credentials and other sensitive information.
How to mitigate social engineering risks
In the face of evolving social engineering threats, Buinovskis recommends a multi-faceted approach to cybersecurity. He emphasizes the importance of implementing multi-factor authentication (MFA), which adds crucial layers of protection and significantly reduces the risk of unauthorized access even if credentials are compromised.
“Network segmentation serves as a critical defense mechanism, limiting attackers’ lateral movement and containing potential breaches,” says Buinovskis. “Businesses should implement Zero Trust Network Access (ZTNA) policies to ensure continuous verification of users and devices, enforce least privilege access, and enable swift detection of unusual activities.”
However, Buinovskis stresses that technology alone is not enough. He recommends creating a human firewall through comprehensive employee education. Staff should be trained to recognize the red flags signaling a social engineering attack — pressure to act fast, emotional manipulation, and suspicious requests for sensitive information.
“By fostering a culture where cybersecurity is everyone’s responsibility and implementing these technological and educational measures, organizations can significantly enhance their resilience against the persistent threat of social engineering attacks,” says Buinovskis.
For more information: nordlayer.com