In 2022, social engineering was the #1 type of cyber attack, with an average cost of $4.1 million per incident. It’s so common that in the last six months, even Uber and Reddit were victims.
Data breaches that occurred in 2022 where social engineering was the attack vector took on average 270 days to identify and contain: 201 days to identify the breach and 69 days to contain it.
When it comes to social engineering attacks, it’s all about the human element. In fact, 90% of cyber attacks against organizations target people instead of IT and cybersecurity defenses. Why? Because the human is often the weakest part of the security chain.
In this episode of Privacy Files, we talk about some of the most common types of social engineering attacks–from phishing and baiting, to pretexting and honeytraps.
We’ll explain how social engineering attacks closely leverage the “Six Principles of Influence,” developed by American professor of Psychology and Marketing, Robert Cialdini.
Rich and Sarah share some personal stories, and then close out the episode with plenty of tips for avoiding becoming a victim of a social engineering attack.
Links Referenced:
https://gizmodo.com/reddit-cyberattack-phishing-data-breach-cybersecurity-1850096804
https://nationaltoday.com/digital-learning-day/
https://venturebeat.com/security/what-ubers-data-breach-reveals-about-social-engineering/
https://mashable.com/article/uber-teen-hacker-slack-joke
https://venturebeat.com/datadecisionmakers/understanding-the-current-social-engineering-threat-landscape/
https://venturebeat.com/security/microsoft-dangerous-mismatch-in-security-battle-due-to-slow-mfa-adoption/
https://www.thesslstore.com/blog/social-engineering-statistics/
https://www.copado.com/devops-hub/blog/12-types-of-social-engineering-attacks-to-look-out-for