
SOC Expert Perspectives: 5 Key Social Engineering Threats

Explore insights from SOC leaders on the evolving landscape of social engineering threats, highlighting human vulnerabilities and strategies to enhance cybersecurity.
October 3, 2024

Social engineering attacks are an escalating threat to modern organizations, with data breaches caused by these tactics taking an average of 257 days to contain, as revealed in IBM’s 2024 Cost of a Data Breach Report. Additionally, social engineering was used in 30% of breaches in 2023 alone, underscoring the increasing prevalence and impact on cybersecurity.

As a growing attack trend, social engineering is a topic we often discuss on the SOC Unlocked podcast. Here, I’ve gathered a few key insights gleaned from my recent guests, including SOC experts Anthony Coggins and Dave Kennedy. They provide an in-depth look at the risks stemming from human error and the increasingly sophisticated techniques attackers use to exploit these weaknesses.

1. Human Vulnerability Remains the Greatest Threat

“The people side of cybersecurity is both our greatest strength and vulnerability.” - Anthony Coggins, Director of Information Security at Acrisure

Human vulnerability continues to be the most significant challenge in cybersecurity. In his podcast episode, Coggins delved into the psychological aspects of social engineering, highlighting how attackers exploit basic human instincts like kindness and helpfulness to breach digital defenses. Just as in the physical world, where simple actions—such as holding a door open for someone or offering assistance without verifying their identity—can bypass security, the digital world is rife with similar risks.

Cybercriminals leverage seemingly innocuous requests, such as phishing emails that mimic trusted contacts or urgent messages that prey on a victim’s sense of responsibility, to manipulate individuals into revealing sensitive information or granting unauthorized access. These digital equivalents of "holding the door open" underscore how easily attackers can exploit goodwill and trust to infiltrate secure environments.

2. Deepfakes and Voice Cloning as New Forms of Social Engineering

“Social engineering with deepfakes and voice cloning and calling the help desk—we're only gonna see more and more of that. So those attacks are what organizations need to be focusing on.” - Anthony Coggins

Advanced techniques like deepfake calls and voice cloning have opened a new chapter in the evolution of social engineering attacks, allowing cybercriminals to convincingly impersonate trusted individuals with unsettling accuracy. These methods make it far easier for attackers to manipulate employees into performing actions they would otherwise be cautious about, such as authorizing fraudulent transactions or disclosing sensitive information.

As Coggins points out, these sophisticated tactics blur the line between human interaction and technology, posing a unique challenge for traditional security measures. The ability to clone voices or create realistic deepfake videos allows attackers to bypass conventional authentication methods, such as voice verification or video conferencing, which many organizations still rely on.

3. Attackers Target Human Behavior with MFA Bypass

“The uptick in MFA bypass attacks and the types of more advanced social engineering that's being done is unlike anything like we've ever seen before.” - Anthony Coggins

Despite the implementation of technological defenses like multi-factor authentication (MFA), human error remains a significant risk. Attackers are increasingly bypassing MFA through sophisticated methods, such as MFA fatigue attacks, credential stuffing, and downgrading to less secure forms of authentication like SMS-based codes. These tactics exploit weaknesses in both human behavior and legacy authentication systems.

Coggins advocates for a proactive shift toward passwordless authentication systems, which not only simplify the user experience but also significantly enhance security by reducing the potential for human error. By eliminating passwords and traditional authentication steps that attackers commonly exploit, organizations can limit opportunities for social engineering attacks and MFA bypass attempts.
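
Two of the patterns named above, MFA fatigue and downgrading to SMS, leave traces in authentication logs that a SOC can alert on. The sketch below is an added example, not code from the podcast guests or from Abnormal; the event format, factor names, strength ranking, and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (time, user, factor, result); not real IdP output.
EVENTS = [
    ("2024-10-01T08:00:00", "bob", "fido2", "approved"),
    ("2024-10-01T09:00:05", "alice", "push", "denied"),
    ("2024-10-01T09:01:10", "alice", "push", "timeout"),
    ("2024-10-01T09:02:30", "alice", "push", "denied"),
    ("2024-10-01T09:03:45", "alice", "push", "denied"),
    ("2024-10-01T09:04:20", "alice", "push", "approved"),
    ("2024-10-01T10:00:00", "carol", "push", "timeout"),
    ("2024-10-01T10:00:40", "carol", "push", "approved"),
    ("2024-10-01T14:30:00", "bob", "sms", "approved"),
]

FATIGUE_WINDOW = timedelta(minutes=10)        # assumed tuning value
FATIGUE_THRESHOLD = 4                         # assumed: rejected prompts before an approval
STRENGTH = {"sms": 1, "push": 2, "fido2": 3}  # assumed factor ranking

def detect(events):
    """Return (user, alert_type, timestamp) tuples in chronological order."""
    alerts = []
    rejected = defaultdict(list)  # user -> times of denied/timed-out push prompts
    strongest = {}                # user -> strongest factor seen succeeding
    for ts, user, factor, result in sorted(events):
        t = datetime.fromisoformat(ts)
        if factor == "push" and result != "approved":
            rejected[user].append(t)
            continue
        if result != "approved":
            continue
        if factor == "push":
            # An approval right after a burst of rejected prompts suggests fatigue.
            recent = [r for r in rejected[user] if t - r <= FATIGUE_WINDOW]
            if len(recent) >= FATIGUE_THRESHOLD:
                alerts.append((user, "mfa_fatigue", ts))
            rejected[user].clear()
        prev = strongest.get(user)
        if prev and STRENGTH[factor] < STRENGTH[prev]:
            # User who has a stronger factor enrolled logged in with a weaker one.
            alerts.append((user, "factor_downgrade", ts))
        else:
            strongest[user] = factor
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A single timed-out prompt followed by an approval (carol in the sample data) stays below the threshold and raises nothing, which keeps ordinary mis-taps out of the alert queue.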

4. Understanding Offensive Capabilities is Key

"You can't defend something you don't understand. By understanding offense, you have a much clearer picture about the best way to defend against the attackers." - Dave Kennedy, Founder & Chief Hacking Officer of TrustedSec and Binary Defense.

A fundamental understanding of the tactics, techniques, and procedures employed by attackers is crucial for developing effective defense strategies. Kennedy emphasizes that this knowledge not only allows organizations to anticipate potential threats but also enables them to recognize subtle indicators of social engineering attacks, such as unusual requests or suspicious communication patterns.

This proactive approach also informs more effective training programs, helping employees identify red flags before they become serious breaches. Ultimately, combining offensive insights with defensive strategies better equips organizations to stay one step ahead of attackers with quicker detection and faster incident response.

5. AI and Behavioral Analysis Needed to Combat Social Engineering

"Incorporate a lot of large language models, artificial intelligence, and machine learning into becoming more efficient." - Dave Kennedy

The integration of artificial intelligence (AI) and behavioral analysis into security operations can significantly enhance defenses against social engineering attacks. Kennedy says that AI-driven systems can automate the initial stages of threat analysis, enabling faster identification and mitigation of potential threats, and relieving human analysts from repetitive, time-consuming tasks.

In addition, advanced behavioral analysis powered by AI allows organizations to continuously monitor and assess user behavior for unusual patterns or anomalies that could indicate a social engineering attempt. By recognizing subtle deviations in communication or activity—such as changes in language, tone, or response times—AI can detect early warning signs of an attack before it escalates. The use of AI and machine learning not only improves efficiency but also enhances adaptability.

Strengthening Cybersecurity by Embracing Human Awareness

To navigate the complexities of social engineering threats, organizations must prioritize understanding the human element in cybersecurity. While technology plays a crucial role in defense, the actions and awareness of individuals remain a critical factor in preventing attacks. By leveraging insights from experts like Anthony Coggins and Dave Kennedy, organizations can adopt strategies that not only strengthen technical defenses but also foster a culture of security vigilance.

For more in-depth discussions, listen to the full episodes of SOC Unlocked featuring Anthony Coggins and Dave Kennedy below!
