
Statistics You Need to Know About Social Engineering

Written by Victoria Wilson

Have you ever experienced a social engineering attack?

These scams try to catch you off guard, leveraging fear, curiosity, habit and innate trust against you. The term social engineering refers to personalised psychological manipulation and tactics that leverage your trust in order to steal data or hack into your network or device.

Cyber criminals have increasingly turned to social engineering because it is a highly effective and subtle way to gain employee credentials and access to troves of valuable data.

Here are some statistics you need to know about social engineering...and how to protect your organisation.

Social engineering scams stole over $5 billion worldwide from 2013-2016. (PhishMe)
  • Clearly, this is a growing problem. As the quality of anti-virus and malware scanning software has improved, cyber criminals are turning to social engineering against individual employees...even to the point of 'spear phishing' or 'whaling' against bigger targets like senior management or CEOs.
  • Do you know how to spot CEO Email Fraud?
55% of all emails are spam. (Symantec)
  • Considering the sheer volume of emails that many of us receive each day, this statistic is important. You may be able to spot more common red flags or obvious spam, but this constant flow of messages wears down your ability to spot the more subtle tricks embedded in messages that are just a few degrees off.
  • Investigate email security services from experts like Mimecast to filter your mail and prompt you when an attachment or message looks suspicious.
Only about 3% of malware tries to exploit an exclusively technical flaw. The other 97% instead targets users through Social Engineering. (KnowBe4)
  • Cyber criminals know that people are often the gateway to valuable credentials and databases or account details. With a simple trick or digital sleight of hand on a bad day, they know you could be an easier target than running every username-password combination in a data dump until they get a hit.
  • Don't underestimate your role in preventing cyber-attacks against your organisation! Security awareness training is one way you can help each of your team members to understand how their digital habits could be changed to improve cyber-security for the entire business.
91% of attacks by sophisticated cyber criminals start through email. (Mimecast)
  • We must pay more attention to the emails we send and receive! Take the extra time to communicate sensitive information in person, if possible. Be careful about what information you share with a stranger over email, or what information you put about yourself on social media. Sophisticated phishing scams have been known to use information about your networks and position, gathered through LinkedIn or Facebook, to gain just enough details about you to seem plausible or to pique your curiosity.
The top emotional motivators behind successful phishes are entertainment, social, and reward or recognition. (PhishMe)
  • As more companies adopt preventative measures, the older motivators like fear and curiosity have caused fewer successful phishing scams. This means that 'consumer scams' targeting employees personally while on the job have increased in frequency. The lines can become blurry when employees are using personal devices for work or checking their social or news notifications whilst taking a break. Improving endpoint device security is one way to combat this shift in phishing tactics.
