SOC Expert Perspectives: 5 Key Social Engineering Threats
Social engineering attacks are an escalating threat to modern organizations: data breaches caused by these tactics take an average of 257 days to contain, according to IBM’s 2024 Cost of a Data Breach Report. Social engineering was also used in 30% of breaches in 2023 alone, underscoring its increasing prevalence and impact on cybersecurity.
As a growing attack trend, social engineering is a topic we often discuss on the SOC Unlocked podcast. Here, I’ve gathered a few key insights gleaned from my recent guests, including SOC experts Anthony Coggins and Dave Kennedy. They provide an in-depth look at the risks stemming from human error and the increasingly sophisticated techniques attackers use to exploit these weaknesses.
1. Human Vulnerability Remains the Greatest Threat
“The people side of cybersecurity is both our greatest strength and vulnerability.” - Anthony Coggins, Director of Information Security at Acrisure
Human vulnerability continues to be the most significant challenge in cybersecurity. In his podcast episode, Coggins delved into the psychological aspects of social engineering, highlighting how attackers exploit basic human instincts like kindness and helpfulness to breach digital defenses. Just as in the physical world, where simple actions—such as holding a door open for someone or offering assistance without verifying their identity—can bypass security, the digital world is rife with similar risks.
Cybercriminals leverage seemingly innocuous requests, such as phishing emails that mimic trusted contacts or urgent messages that prey on a victim’s sense of responsibility, to manipulate individuals into revealing sensitive information or granting unauthorized access. These digital equivalents of "holding the door open" underscore how easily attackers can exploit goodwill and trust to infiltrate secure environments.
2. Deepfakes and Voice Cloning as New Forms of Social Engineering
“Social engineering with deepfakes and voice cloning and calling the help desk—we're only gonna see more and more of that. So those attacks are what organizations need to be focusing on.” - Anthony Coggins
Advanced techniques like deepfake calls and voice cloning have opened a new chapter in the evolution of social engineering attacks, allowing cybercriminals to convincingly impersonate trusted individuals with unsettling accuracy. These methods make it far easier for attackers to manipulate employees into performing actions they would otherwise be cautious about, such as authorizing fraudulent transactions or disclosing sensitive information.
As Coggins points out, these sophisticated tactics blur the line between human interaction and technology, posing a unique challenge for traditional security measures. The ability to clone voices or create realistic deepfake videos allows attackers to bypass conventional authentication methods, such as voice verification or video conferencing, which many organizations still rely on.
3. Attackers Target Human Behavior with MFA Bypass
“The uptick in MFA bypass attacks and the types of more advanced social engineering that's being done is unlike anything like we've ever seen before.” - Anthony Coggins
Despite the implementation of technological defenses like multi-factor authentication (MFA), human error remains a significant risk. Attackers are increasingly bypassing MFA through sophisticated methods, such as MFA fatigue attacks, credential stuffing, and downgrading to less secure forms of authentication like SMS-based codes. These tactics exploit weaknesses in both human behavior and legacy authentication systems.
Coggins advocates for a proactive shift toward passwordless authentication systems, which not only simplify the user experience but also significantly enhance security by reducing the potential for human error. By eliminating passwords and traditional authentication steps that attackers commonly exploit, organizations can limit opportunities for social engineering attacks and MFA bypass attempts.
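One way a SOC could flag the MFA fatigue and factor-downgrade patterns named above, as an added example that is not from the original article or its guests. The event fields, factor ranking, time window and threshold are assumptions, and the log entries are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, factor, result
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "push", "denied"),
    ("2024-05-01T09:00:40", "alice", "push", "denied"),
    ("2024-05-01T09:01:10", "alice", "push", "timeout"),
    ("2024-05-01T09:01:50", "alice", "push", "denied"),
    ("2024-05-01T09:02:20", "alice", "push", "approved"),
    ("2024-05-01T10:00:00", "bob", "push", "approved"),
    ("2024-05-01T11:00:00", "carol", "fido2", "failed"),
    ("2024-05-01T11:01:00", "carol", "sms", "approved"),
    ("2024-05-01T12:00:00", "dave", "push", "denied"),
    ("2024-05-01T12:30:00", "dave", "push", "approved"),
]

STRENGTH = {"sms": 1, "push": 2, "fido2": 3}  # assumed ranking of factors
WINDOW = timedelta(minutes=10)                # assumed correlation window
MIN_REJECTED = 3                              # assumed threshold; tune per environment


def detect(events, window=WINDOW, min_rejected=MIN_REJECTED):
    """Return sorted (user, alert) pairs for fatigue and downgrade patterns."""
    rejected = defaultdict(deque)  # user -> times of recent unapproved push prompts
    last_fail = {}                 # user -> (time, factor) of the last failed attempt
    alerts = set()
    for ts, user, factor, result in sorted(events):
        t = datetime.fromisoformat(ts)
        q = rejected[user]
        while q and t - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result == "approved":
            # Fatigue: an approval arriving right after a burst of rejected pushes.
            if factor == "push" and len(q) >= min_rejected:
                alerts.add((user, "mfa_fatigue"))
            # Downgrade: success on a weaker factor soon after a stronger one failed.
            prev = last_fail.get(user)
            if prev and t - prev[0] <= window and STRENGTH[factor] < STRENGTH[prev[1]]:
                alerts.add((user, "factor_downgrade"))
            q.clear()
            last_fail.pop(user, None)
        else:
            if factor == "push":
                q.append(t)
            last_fail[user] = (t, factor)
    return sorted(alerts)
```

Calling `detect(EVENTS)` flags alice for the push burst and carol for the fall back to SMS, while bob's clean approval and dave's single denial 30 minutes before an approval stay quiet.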
4. Understanding Offensive Capabilities is Key
"You can't defend something you don't understand. By understanding offense, you have a much clearer picture about the best way to defend against the attackers." - Dave Kennedy, Founder & Chief Hacking Officer of TrustedSec and Binary Defense.
A fundamental understanding of the tactics, techniques, and procedures employed by attackers is crucial for developing effective defense strategies. Kennedy emphasizes that this knowledge not only allows organizations to anticipate potential threats but also enables them to recognize subtle indicators of social engineering attacks, such as unusual requests or suspicious communication patterns.
This proactive approach also informs more effective training programs, helping employees identify red flags before they become serious breaches. Ultimately, combining offensive insights with defensive strategies better equips organizations to stay one step ahead of attackers with quicker detection and faster incident response.
5. AI and Behavioral Analysis Needed to Combat Social Engineering
"Incorporate a lot of large language models, artificial intelligence, and machine learning into becoming more efficient." - Dave Kennedy
The integration of artificial intelligence (AI) and behavioral analysis into security operations can significantly enhance defenses against social engineering attacks. Kennedy says that AI-driven systems can automate the initial stages of threat analysis, enabling faster identification and mitigation of potential threats, and relieving human analysts from repetitive, time-consuming tasks.
In addition, advanced behavioral analysis powered by AI allows organizations to continuously monitor and assess user behavior for unusual patterns or anomalies that could indicate a social engineering attempt. By recognizing subtle deviations in communication or activity—such as changes in language, tone, or response times—AI can detect early warning signs of an attack before it escalates. The use of AI and machine learning not only improves efficiency but also enhances adaptability.
Strengthening Cybersecurity by Embracing Human Awareness
To navigate the complexities of social engineering threats, organizations must prioritize understanding the human element in cybersecurity. While technology plays a crucial role in defense, the actions and awareness of individuals remain a critical factor in preventing attacks. By leveraging insights from experts like Anthony Coggins and Dave Kennedy, organizations can adopt strategies that not only strengthen technical defenses but also foster a culture of security vigilance.
For more in-depth discussions, listen to the full episodes of SOC Unlocked featuring Anthony Coggins and Dave Kennedy below!