Social Engineering Attacks: Why do we fall for them and what we can do about it.
By Dr. Ian Wilkinson
Would you believe that 98% of all cybercrime or cyber-attacks within the past year have been the result of social engineering? Seismic data loss attributed to some form of social engineering attack is an epidemic-level threat currently plaguing thousands of people, both personally and professionally, at home and in the workforce. Phishing, a highly effective method that enables threat actors to deceive users and steal important data, normally through unsolicited email attempts, was the cause of more than 240k successful cyberattacks in 2021. Addressing social engineering-induced cyber-attacks is important for information technology (IT) security managers seeking to minimize organizational risks and effectively safeguard data from associated security breaches.
However, most of us think we practice vigilance and caution when exploring our connected world. We use protective tools and measures, processes and procedures, yet the numbers do not lie. Social engineering is a method by which threat actors employ their tactics, techniques, and procedures to trick us into providing sensitive information, or information that can be used against us, yielding an outcome that benefits the threat actor. So why do we keep falling for social engineering attacks, and when are we most vulnerable? Well, it has everything to do with how we perceive the world around us.
Most of our behavior can be mapped to a theory expressed by a professor of psychology at the Yale University School of Management. The basis of Dr. Victor Vroom’s Expectancy Theory suggests that most of our behavior is a product of, and motivated by, anticipated results or consequences. Vroom (1964) proposed that a person behaves in a certain way based on the expected result of the chosen behavior. Knowing ourselves and our connected environment, and tailoring our expectations in favor of vigilance, can be the key to reducing our vulnerability to social engineering attacks.
About Ian Wilkinson
Ian Wilkinson CTO|MA-ITM|PMP|ITIL|CISSP|GCIH|GCIA|TS-SCI – United States Army
Ian Wilkinson CEO Cyber Ballet LLC
Ian’s professional experience reflects 25 years of creative leadership and visionary capacities in complex, competitive, and highly regulated government and commercial information technology industries. His leadership has been sought by domestic and international partners, and he has led teams which managed ERP systems, cybersecurity, systems integration, vendor relationships, network infrastructure, and organizational support. As Founder and CEO of Cyber Ballet, he has been assisting organizations in developing their information technology (IT) strategy and infrastructure, facilitating IT training, and providing innovative solutions that take advantage of opportunities for growth.
Hear Ian May 10-11, 2022. Register for Austin Cyber Show Zoom Events.
Join US and Canada cyber community members at the inaugural Austin Cyber Show Conference at Concordia University Texas, May 10-11. During the two-day cyber defense conference, participants can engage in discussions with peer leaders and industry experts on the cyber risks and challenges that businesses, leaders, developers, educators, and students face each day.