Social engineering: The human element of cyber security

Social engineering is a method that has been used by criminals and scammers for centuries in order to manipulate people in order to manipulate people into performing a particular action or into giving up sensitive or confidential information. Today, social engineering is a tactic employed by cybercriminals who carry out phishing attacks, one of the most pervasive forms of cyber-attacks. Phishing attacks exploit one of cybersecurity’s greatest vulnerabilities, people, by leveraging both technology and the art of human deception in order to turn targets into victims. Social engineering and phishing rely on human behavior and emotion, factors that technology has yet to find a defense for, making social engineering and phishing a lucrative avenue for cybercriminals. Secure protocols, security awareness training, and laws and regulations are being enacted by organizations across the globe to defend against social engineering and phishing-based attacks. The purpose of this study is to identify the gaps in cybersecurity that are associated with social engineering and phishing and investigate the current solutions organizations are taking to combat against these attack vectors.