90% of All Cyber Attacks on Organizations Involve Social Engineering



90% Cyber Attacks Involve Social EngineeringIt’s official: threat actors and cybercriminal gangs alike are enlightened and have locked in on the use of social engineering as the primary means to trick recipients into becoming victims.

At the end of the day, any attack that utilizes email as the delivery mechanism requires the engagement of the email recipient. Whether your users are clicking a link, opening an attachment, or performing the requested task, your users have to do something to enable an attack.

It’s one of the reasons social engineering has become a staple in the threat actor’s arsenal of tools. And, according to Positive Technologies’ Cybersecurity Threatscape: Q2 2021 report, social engineering is nearly ubiquitous across all attacks and are involved in 90% of all cyberattacks. With email used as the primary method of distribution of malware (58% of attacks), it’s necessary to use social engineering to both get the recipient’s attention and motivate them to engage with the malicious email content.

To get a better sense of how social engineering is used, take a look at some of the other stats from this report:

  • 77% of attacks were targeted (spoofing of a brand or individual is likely used)
  • 73% of attacks involve malware (an attachment or link is the singular focus)

Additionally, the report highlights the focus for the majority of campaigns:

  • 69% of attacks on organizations involve ransomware
  • 59% of attacks were intent on gaining access to data

With social engineering taking such a prominent place in cyberattacks, it has become necessary to counteract these tactics with Security Awareness Training. Your users can be both vigilant on the types of attacks and the specific campaigns so they are armed with an understanding of current social engineering tactics and know how to identify them.


Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews