Social engineering: The human element of cyber security

Social engineering, a technique used by criminals for ages to deceive individuals into performing specific actions or divulging sensitive information, has found its place in the digital age. Today, it’s a go-to strategy for cybercriminals orchestrating phishing attacks, one of the most common forms of cybercrime. Phishing exploits one of cybersecurity’s biggest weaknesses – human beings – by combining technological manipulation and the subtleties of human deception to turn targets into victims. The exploitation of human behaviour and emotion, for which technology is yet to develop a reliable defense, makes social engineering and phishing a profitable enterprise for cybercriminals. Organizations worldwide are adopting secure protocols, security awareness training, and legislation to counteract these social engineering and phishing-based threats. This study aims to highlight the cybersecurity gaps linked to social engineering and phishing and examine the current countermeasures organizations employ against these forms of attack.