The most important thing to note about social engineering is that it is an older form of attack, but one that will always exist because simple human error allows its manipulation to work. Today, when we say “social engineering,” we picture two scenarios: a physical form of manipulation, or something on the internet such as spear phishing by email. Social networks are a rapidly growing platform for these attacks as well, and they are a very tricky environment in which to address them. Phone calls are another realm where social engineering attacks can work, and where scams, fraud, and more can take hold. Many companies provide corporate mobile phones to their users these days, which complicates matters further: your company may own that phone, but you can never fully control how it will be used or what calls will be made. The most concerning vector, the group agreed, is when your employees go home and are no longer under consistent monitoring. If their personal computers or devices are attacked and enough information is gathered, a social engineering attack can transform into a crucial insider threat.
Once they acknowledged the many forms and paths of social engineering attacks, the group then had to ask: what is the best way to address this issue? Teams can use many different kinds of software and systems to tackle the problem, but the group agreed that the best available option is simply education. While technology and software solutions can help keep track of these issues and try to remediate them as they happen, nothing will prevent social engineering attacks better than providing your workforce with a thorough education. These attacks prey on human error on both the corporate and personal fronts, and teaching employees how to behave in both settings to keep themselves and their organization safe will be the best preventative method to thwart attackers.