Social Engineering: The Art of Human Manipulation

Held every October, and now in its 20th year, CIRMA observes Cybersecurity Awareness Month by highlighting the importance of staying safe online. We will share some of our most vital cybersecurity resources throughout October to help you and your employees understand and overcome existing and emerging cyber exposures.

To kick things off, we will explore the topic of social engineering, what it is, and why it is so important.

Social engineering attacks are often highly profitable for cybercriminals and are one of the most common ways they exploit human instincts. Social engineering uses psychological manipulation instead of exploiting technical vulnerabilities and takes advantage of a victim’s instincts and emotions to obtain sensitive information.

Cyber threat actors continue their relentless efforts to obtain sensitive data by impersonating employees for financial gain. Business Email Compromise (BEC) attacks have doubled over the past year, and represent more than 50% of incidents within a social engineering pattern (2023 Verizon Data Breach Investigations Report).  Social engineering can cost municipalities millions of dollars annually, but more importantly, data breaches can lead to identity theft and operational disruptions. Ensuring municipal and school board employees are aware of and adequately trained on cybersecurity best practices can help minimize the risk of a costly and disruptive data breach.

Cyber threat actors use various methods to infiltrate network systems and expose sensitive and vulnerable information. Phishing is the most common method of social engineering, where a hacker often convinces their victim to click a malicious link or software in an email. Baiting is another prevalent method of social engineering, referring to bad actors luring their victims into relinquishing sensitive information by tempting them with a valuable object or offer.

Attackers use holidays, epidemics, and natural disasters to solicit personal information and use voice communication and text messages to deceive their victims.

 Key findings in the 2023 Verizon Data Breach Investigations Report:

  • 97% of cyber threat actors were motivated by financial gain
  • 3% of cyber threat actors were inspired by espionage
  • Techniques utilized to gain unauthorized access to an organization:
    • 49% stolen credentials
    • 12% phishing
    • 5% exploiting vulnerabilities

Social engineering attacks are notoriously difficult to prevent, as they depend heavily on the human element. It takes one employee’s mistake to compromise a municipal network’s integrity, demonstrating the significance of training employees on cybersecurity awareness. Data security policies combined with cybersecurity awareness training can assist employees in understanding how to detect and respond to social engineering attacks.

CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cyber exposures.  Courses and webinars are available for employees to learn at their own pace, 24 hours a day, seven days a week.

If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. Visit CIRMA’s Cyber Center for helpful information on preventing and managing cyber exposures. Contact your local CIRMA Risk Management representative to get started today.

Back to Blog Next Article
ethernet cables

Don’t Miss Out: Cyber Assessments for CT Municipalities

New cyber assessment resources are available to help your public entity address evolving cybersecurity threats head-on.

View Posts

Social and Emotional Awareness

Failure to cultivate a workplace culture that advocates for mental health can subject employers to legal risks, including claims of workplace violence or failure…

View Posts

Work Zone Safety Works

It's everyone's collective responsibility to ensure safety in work zones. Road workers rely on their communities to keep them safe at work. CIRMA provides…

View Posts

Police Pursuit Policy Education and Awareness

Law enforcement agencies must ensure their personnel adhere to their Department and State of Connecticut Pursuit Policies to ensure their and others' safety and…

View Posts

Block the Bait: Cyber Phishing Attacks

Human error (still) remains the leading cause of cybersecurity breaches, as employees continue to fall victim to phishing attacks. Verizon’s Data Breach Investigation report…

View Posts
beat cyber social engineering attacks

Social Engineering: The Art of Human Manipulation

Social engineering attacks are one of the most common ways they exploit human instincts and uses psychological manipulation instead of exploiting technical vulnerabilities and…

View Posts
weak password help

Still Using Weak Passwords? Do This Instead.

Passwords have long been firmly established as the weakest link in an organization’s cybersecurity. Here's what you can do to avoid this significant yet…

View Posts
home work environment tips and best practices

Whitepaper: Create a Home Work Environment that Works for You

Creating a home workspace does not require extraordinary upgrades to your home or even purchasing fancy office equipment. Setting up a workspace with basic…

View Posts
wellness at work

Wellness at Work

The adoption of workplace social and emotional health programs skyrocketed over the past two years due to heightened visibility during the pandemic when remote…

View Posts
bench at sunset

Heat Stress & Heat Stroke

Anyone performing physical or athletic activities on hot or humid summer days is at risk for heat-related illnesses. Those likely to be in danger…

View Posts

Preventing Tick-borne Disease Exposure

In Connecticut, occupational exposure to tick-borne diseases is a recognized hazard. Outdoor workers must protect themselves in the spring, summer, and fall when ticks…

View Posts
wrist injury sprain strain workers comp

Preventing Sprains & Strains

Sprain and strain injuries are the most common and costly workplace injuries. Employees can injure their knee, shoulder, wrist, or back while performing everyday…

View Posts

Water You Waiting For?

Claims involving dehydration and heat exhaustion can be costly—Connecticut municipalities experienced over $150 million in related medical expense losses alone over the past five…

View Posts

Bee Safe

Bee and wasp stings are a common summer nuisance that can turn deadly if the victim develops a severe allergic reaction (anaphylaxis). Public Health…

View Posts