Why is Social Engineering so Effective?
We’ve previously discussed what social engineering attacks are and what you can do to prevent them. Here, we’re going to review the reasons why threat actors persist with these types of attacks and why every single employee is potentially susceptible to a social engineering attack.
According to the CSO, in 2020, 6.95 million new phishing and scam pages were created, with the highest number of new phishing and scam sites in one month of 206,310.
Sources: https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html, https://cobalt.io/blog/cybersecurity-statistics-2021, https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
Why are social engineering attacks so successful?
Social engineering is reliant on the cyber criminal gaining the trust of the victim. The uniquely human aspect of these cyber attacks means that anyone and any company, regardless of the size, could potentially lose big. Aside from the fact that you can always rely on human fallibility, to really understand the answer to this question, we need to review the psychology of these social engineering attacks.
Social engineering attacks are underpinned by the six principles of influence, the principles identified by psychologist Robert Cialdini in his book ‘Influence: The Psychology of Persuasion’. Threat actors understand these principles and employ them through numerous forms, but most follow these four formats:
What does a social engineering attack look like?
Whilst there are numerous means by which threat actors can target your business critical data, all social engineering attacks tend to follow a four-phase pattern.
1. Pre-attack – Research
Following a successful attack, the cyber criminal will break off all communication with targets and cover their tracks.
Trusted cyber security & compliance services from a certified provider
Get a quote today
If you are interested in our services, get a free, no obligation quote today by filling out the form below.