Despite high-profile ransomware, nation-state and supply chain attacks dominating headlines over the past few years, social engineering — and phishing, in particular — remains the top cause of data breaches. In fact, according to CISCO’s 2021 Cyber Security Threat Trends report, about 90% of data breaches occur due to phishing.
Social engineering attacks are designed to trick, deceive or psychologically manipulate targets into divulging sensitive information, disclosing account information or performing an action, such as sending the attacker money. Bad actors typically exploit current events and invoke tones of fear and urgency to incite the victim to act on their behalf. For example, during the start of the COVID-19 pandemic, security leaders saw a range of social engineering threats — from emails claiming fake news and cures to those asking for donations to fraudulent charities.