Whereas traditional hacking exploits weaknesses in software or hardware, social engineering exploits weaknesses in the human psyche. By preying on people’s habits, fears, or complacency, attackers can gain access to almost any system, no matter how sensitive or well-protected. The ubiquity of personal mobile devices in the workplace has only exacerbated the threat.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

Behavioral threats and social engineering attacks target the human psyche rather than exploiting technical vulnerabilities. They rely on psychological manipulation, deception, and exploiting human trust to trick individuals into divulging sensitive information, clicking on malicious links, or taking actions that compromise security. Understanding these tactics and the human behaviors they exploit is key to effectively mitigating email security risks.

Adversaries have long used social engineering to trick their victims into providing access or information not available to the public. Social engineering continues to prove effective and will likely be a major factor in breaches throughout 2024. The CrowdStrike Incident Response team has dealt with an anomalously high number of successful breaches that originated with social engineering tactics, and we strongly urge security teams to take precautions against them.

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

Everyone has received a spam text or email at some point. Their hallmarks are widely known; they often include poor or strange grammar, suspicious links, suggested connections with companies or people, or random individuals asking for help in some capacity. Sometimes, these communications allow scammers and malicious actors to learn about their targets. These targets may be individuals, companies, vendors, software hosts, or any other entity with data worth a cent.

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week we’re looking at four ways you can protect yourself from increasingly advanced social engineering attacks.