Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In what seems to be a constant drip of headlines about large enterprises experiencing security incidents, the world most recently learned of a successful data infiltration of rideshare and delivery company Uber. In a blog update, Uber attributed the attack to the infamous Lapsus$ group that has made a name for itself over the past year with successful breaches of household names including Microsoft, Rockstar Games, Samsung, Nvidia, Ubisoft, and Okta.

Social engineering is the psychological manipulation used to get others to do things or reveal private information. Between 70% and 90% of data breaches involve social engineering. Social engineering is currently one of the largest cybersecurity dangers facing both small and large enterprises. These “human hacking” techniques are commonly used in cybercrime to trick unwary users into disclosing information, dispersing malware infections or granting access to restricted systems.

When most people think about the origin of a cyberattack, the image is that of a hacker using some kind of exploit against software or hardware in order to gain unauthorized access to systems. The hacker is seeking data to exfiltrate and monetize, either through re-sale on the darknet or extortion through ransomware.

Trust is one of the things that makes us human. We evolved the ability to trust in order to make life or death judgment calls and it is wired into our brains from birth. Unfortunately, since time immemorial, nefarious characters have always abused the trust of others to their own advantage, and in the modern world it is now one of the primary tools in a cybercriminal’s arsenal.

For the average person, “traditional hacking” isn’t really an ever-present threat. It’s unlikely that a hacker will ever try to track you down, steal one of your devices, and bypass whatever you’ve set up to protect your personal data. Social engineering, on the other hand, is an increasingly common security threat that you’ve probably encountered many, many times before.

Artificial Intelligence (AI) is one of the most high-profile technology developments in recent history. It would appear that there is no end to what AI can do. Fom driverless cars, dictation tools, translator apps, predictive analytics and application tracking, as well as retail tools such as smart shelves and carts to apps that help people with disabilities, AI can be a powerful component of wonderful tech products and services.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we’ll learn about social engineering, its types, its evolution, and how to avoid falling victim to a social engineering attack. Kevin David Mitnick is considered one of the most famous social engineers among the IT community. Kevin is now a top cybersecurity speaker and a best-selling author.

We’ve previously discussed what social engineering attacks are and what you can do to prevent them. Here, we’re going to review the reasons why threat actors persist with these types of attacks and why every single employee is potentially susceptible to a social engineering attack.