Security and IT teams are losing sleep as would-be intruders lay
siege to the weakest link in any organization’s digital defense:
employees. By preying on human emotion, social engineering scams
inflict billions of dollars of damage with minimal planning or
expertise. Cybercriminals find it easier to manipulate people
before resorting to technical “hacking” tactics. Recent research
reveals that social engineering is leveraged in 98% of attacks.
As the rapid, ongoing acceleration of remote work raises the
stakes, security leaders are fighting back with education and
awareness. Resources developed by experts, like this new white
paper — “Social Engineering: What You Need to Know to
Stay Resilient[1]” — identify the most
common tactics, track how these types of attacks are evolving, and
provide tips to protect organizations and their end-users. These
insights not only inform security practitioners of the latest
tactics and emerging threats, but help employees understand that
safeguarding data is not just a “security team problem.” Instead,
every teammate is vulnerable to social engineering schemes, and
every teammate must play their part to safeguard sensitive
data.
To help security teams recognize inbound swindles, “Social
Engineering: What You Need to Know to Stay Resilient” unpacks the
history and evolution of social engineering attacks, provides tips
for resiliency, and dissects the five stages of a modern social
engineering attack:
- Targeting – Threat actors start by identifying a target. Usually, they target companies. And the most efficient way to breach a company? Through its employees. Targeting can take place in multiple ways, from physically scouting workplaces for any sensitive information to using leaked data found online.
- Information gathering – Once the target has been selected, the next step is reconnaissance. Threat actors scour open-source intelligence. Valuable information can be found in employees’ social media accounts, forums that they’re registered to, and more. The information they find is used in the next step of the chain.
- Pretexting – After completing their homework, bad actors strategize. Pretexting involves fabricating or inventing a scenario to trick the target into divulging information or performing an action. The main goal in the pretexting stage is to build trust between the threat actor and the victim without causing suspicion.
- Exploitation – After a relationship has been built, threat actors will attempt to steal sensitive information and gain initial access to a victim’s computer or company environment.
- Execution – Finally, using this newfound access, threat actors attempt to achieve their end goal — whether financial or political or personal — by infecting the target environment with malicious content, leading to a compromised network.
To learn more about social engineering and measures you can take
to keep your organization safe, download “Social Engineering: What You
Need to Know to Stay Resilient” here[2].
References
- [1] Social Engineering: What You Need to Know to Stay Resilient (go.cynet.com)
- [2] here (go.cynet.com)
Read more https://thehackernews.com/2022/05/white-paper-social-engineering-what-you.html
