Social Engineering: The Art of Human Manipulation
CIRMA observes Cybersecurity Awareness Month, held every October and now in its 20th year, by highlighting the importance of staying safe online. We will share some of our most vital cybersecurity resources throughout October to help you and your employees understand and overcome existing and emerging cyber exposures.
To kick things off, we will explore the topic of social engineering, what it is, and why it is so important.
Social engineering attacks are often highly profitable for cybercriminals and are one of the most common ways they exploit human instincts. Social engineering uses psychological manipulation instead of exploiting technical vulnerabilities and takes advantage of a victim’s instincts and emotions to obtain sensitive information.
Cyber threat actors continue their relentless efforts to obtain sensitive data by impersonating employees for financial gain. Business Email Compromise (BEC) attacks have doubled over the past year, and represent more than 50% of incidents within a social engineering pattern (2023 Verizon Data Breach Investigations Report). Social engineering can cost municipalities millions of dollars annually, but more importantly, data breaches can lead to identity theft and operational disruptions. Ensuring municipal and school board employees are aware of and adequately trained on cybersecurity best practices can help minimize the risk of a costly and disruptive data breach.
Cyber threat actors use various methods to infiltrate network systems and expose sensitive and vulnerable information. Phishing is the most common method of social engineering, where a hacker often convinces their victim to click a malicious link or open malicious software in an email. Baiting is another prevalent method of social engineering, in which bad actors lure their victims into relinquishing sensitive information by tempting them with a valuable object or offer.
Attackers use holidays, epidemics, and natural disasters to solicit personal information and use voice communication and text messages to deceive their victims.
Key findings in the 2023 Verizon Data Breach Investigations Report:
- 97% of cyber threat actors were motivated by financial gain
- 3% of cyber threat actors were inspired by espionage
- Techniques utilized to gain unauthorized access to an organization:
  - 49% stolen credentials
  - 12% phishing
  - 5% exploiting vulnerabilities
Social engineering attacks are notoriously difficult to prevent, as they depend heavily on the human element. It takes only one employee’s mistake to compromise a municipal network’s integrity, which demonstrates the significance of training employees on cybersecurity awareness. Data security policies combined with cybersecurity awareness training can assist employees in understanding how to detect and respond to social engineering attacks.
CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cyber exposures. Courses and webinars are available for employees to learn at their own pace, 24 hours a day, seven days a week.
If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. Visit CIRMA’s Cyber Center for helpful information on preventing and managing cyber exposures.