How security teams can combat social engineering and insider threats
By understanding how intelligence officers have traditionally recruited, assessed and developed spies for decades, security leaders can harden their organizations to bad actors.
Companies often focus on peripheral security controls to keep external attackers outside. In the meantime, malicious perpetrators have adapted their tactics accordingly and are now targeting the weakest link of an organization — their employees.
According to the Verizon 2021 Data Breach Investigations Report, 85% of data breaches involve a human element, with social engineering being among the most prevalent attack techniques. Social engineering refers to attackers who pursue victims to illegally disclose confidential information by exploiting their trust. And there is no better way to connect with a person than over social media, right? But considering the consequences that an employee might face if they try to illegally disclose confidential data, the question arises: why would an employee fall victim to social engineering attacks, and to what extent does exposure on social media increase the risk of victimization?