Social engineering remains biggest cybersecurity threat

Almost 70% of data breaches involve the human element. Here's how organisations can keep their most vital assets – employees, finances and data – safe from scammers.
Anna Collard
Social engineering remains one of the most effective forms of cyberattack because humans are easier to exploit than machines. Cybercriminals use psychological manipulation to trick individuals into giving up access to systems or personal information. These attacks can take place through various channels, such as emails (phishing), phone calls, SMS, social media, chat apps, and even video conferencing.
The success of social engineering lies in its constant evolution. There is no fixed pattern, making it difficult to rely solely on technology for protection. The human element involved means that we must continually adapt to new tactics. With the rise of artificial intelligence (AI), attacks are becoming more sophisticated, especially with deepfakes - realistic but fake images and videos - leading to misinformation and manipulation.
Cybercriminals exploit human emotions and cognitive biases to achieve their goals. Impersonation, creating urgency, and leveraging authority are common tactics. By pretending to be someone familiar or creating fear, scammers prompt victims to act impulsively, such as clicking on a malicious link or sharing sensitive data. Personality types also influence vulnerability, with impulsive, stressed, or multitasking individuals more likely to fall victim than those who are calmer and more attentive.
Consequences
For businesses, the consequences of social engineering attacks include financial loss, data breaches, privacy violations, and business disruptions. A major breach can damage a company’s reputation and erode customer trust, leading to potential legal liabilities.
To protect against these attacks, organisations can implement technological solutions like email filters to block phishing attempts and multi-factor authentication to add a layer of security. User-behaviour analytics can help detect unusual activities that might indicate a compromised account. However, technology alone is insufficient.
Organisations must invest in cybersecurity training and foster a human-centric security culture. Mindfulness can play a significant role here. My research shows that mindfulness positively impacts 23 out of 33 factors that make humans vulnerable to social engineering, such as cognitive and psychological weaknesses. Mindful employees are more likely to avoid multitasking and pause before reacting, improving concentration, resilience, and clarity.
For this shift to occur, companies need to cultivate a supportive organisational culture, with leadership emphasising employee well-being over immediacy. Integrating mindfulness into cybersecurity training, such as emotional phishing awareness and a zero-trust mindset, can enhance awareness campaigns and make individuals less susceptible to social engineering attacks.
Distributed by APO Group on behalf of KnowBe4.
*Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA (www.KnowBe4.com).
**Opinion pieces and letters by the public do not necessarily reflect the opinion of the editorial team. The editors reserve the right to abridge original texts. All newspapers of Namibia Media Holdings adhere to the Code of Ethics for Namibian Media, a code established jointly with the Media Ombudsman.