It’s official: threat actors and cybercriminal gangs alike have caught on and locked in on social engineering as the primary means of tricking recipients into becoming victims.
At the end of the day, any attack that utilizes email as the delivery mechanism requires the engagement of the email recipient. Whether your users are clicking a link, opening an attachment, or performing the requested task, your users have to do something to enable an attack.
It’s one of the reasons social engineering has become a staple in the threat actor’s arsenal of tools. And, according to Positive Technologies’ Cybersecurity Threatscape: Q2 2021 report, social engineering is nearly ubiquitous and is involved in 90% of all cyberattacks. With email used as the primary method of distributing malware (58% of attacks), attackers need social engineering both to get the recipient’s attention and to motivate them to engage with the malicious email content.
To get a better sense of how social engineering is used, take a look at some of the other stats from this report:
- 77% of attacks were targeted (spoofing of a brand or individual is likely used)
- 73% of attacks involve malware (an attachment or link is the singular focus)
Additionally, the report highlights the focus for the majority of campaigns:
- 69% of attacks on organizations involve ransomware
- 59% of attacks were intent on gaining access to data
With social engineering taking such a prominent place in cyberattacks, it has become necessary to counteract these tactics with Security Awareness Training. Your users can stay vigilant about both the types of attacks and the specific campaigns, so they are armed with an understanding of current social engineering tactics and know how to identify them.