Statistics You Need to Know About Social Engineering
Have you ever experienced a social engineering attack?
These scams try to catch you off guard, leveraging fear, curiosity, habit and innate trust against you. The term social engineering refers to personalised psychological manipulation and tactics that leverage your trust in order to steal data or hack into your network or device.
Cyber criminals have turned to increasingly sophisticated social engineering tactics because they are a highly effective and subtle way to gain employee credentials and access to troves of valuable data.
Here are some statistics you need to know about social engineering, and how to protect your organisation:
A social engineering breach costs businesses an average of £3.33 million (IBM)
- Clearly, this is a growing problem. As the quality of anti-virus and malware scanning software has improved, cyber criminals are turning to social engineering against individual employees, even to the point of ‘spear phishing’ or ‘whaling’ against bigger targets like senior management or CEOs.
In 2022, 49% of emails were identified as spam, up from 46% in 2021 (Statista)
- Considering the sheer volume of emails that many of us receive each day, this statistic is important. You may be able to spot more common red flags or obvious spam, but this constant flow of messages wears down your ability to spot the more subtle tricks embedded in messages that are just a few degrees off.
- Investigate email security services from experts like Mimecast, which filter incoming mail and prompt you when an attachment or message looks suspicious.
Only 3% of malware exploits an exclusively technical flaw. The other 97% targets users through social engineering (KnowBe4)
- Cyber criminals know that people are often the gateway to valuable credentials, databases or account details. They know that catching you with a simple trick or digital sleight of hand on a bad day could be easier than running every username-password combination in a data dump until they get a hit.
- Don’t underestimate your role in preventing cyber-attacks against your organisation. Security awareness training is one way you can help each of your team members to understand how their digital habits could be changed to improve cyber-security for the entire business.
91% of cyber-attacks start through email (Mimecast)
- We must pay more attention to the emails we send and receive. Take the extra time to communicate sensitive information in person, if possible. Be careful about what information you share with a stranger over email, or what information you put about yourself on social media. Sophisticated phishing scams have been known to use information about your networks and position from LinkedIn or Facebook to gain just enough details about you to seem plausible, or to pique your curiosity.