How to navigate social engineering tactics for stronger employee and data security

By Scott Jarkoff, Director of Intelligence Strategy for APJ & META, CrowdStrike

Despite extensive educational campaigns to boost employee awareness of social engineering tactics,
threat actors continue to use social engineering with alarming efficacy.  Adversaries use emotion, urgency, and pretext to manipulate employees and harvest legitimate credentials, which allow them to enter a target organisation while bypassing security measures like authentication portals and firewalls. Once inside, adversaries can swiftly and covertly navigate the environment, engaging in malicious activities such as data theft and ransomware deployment, severely disrupting business operations. By using legitimate privileged credentials, adversaries can remain undetected for months, providing ample opportunity to fully compromise the organisation.

The CrowdStrike 2024 Global Threat Report found that 75% of attacks to gain access were malware-free. As identity-based attacks continue to rise, security teams must defend against social engineering techniques. We explore the most common methods below…