Overview
There is no question regarding how technically highly-advanced and sophisticated cyber-criminals are. They possess adequate skills and know-how to intrude inside the IT network and steal sensitive information and bring the IT ecosystem to a standstill.
Nevertheless, one often overlooked fact is that most of the IT incidents stem from social engineering: an act of stealing sensitive information through deception and using fraudulent and manipulative ways. And an insider is the key link in this social engineering who can provide necessary information to other actors for executing targeted attacks.
Indeed, social engineering has shaken the cyber world time and again. Who could forget the sensational cyber-heist involving a bank some six years ago? While criminals were able to exploit the security vulnerabilities, at least one insider was thought to be the key actor in the social engineering required to execute a cyber-heist.
While a gullible actor may unintentionally pass key information through social engineering, but in most cases, it has been witnessed that compromised insiders are the ones who work in tandem with external bad actors to execute a data breach.
Recently, in a report citing cyber specialists, U.N. experts revealed that hundreds of millions of dollars are being stolen by state-sponsored cyber-actors. These cyber-actors target financial institutions, exchanges and cryptocurrency companies for funds required to sponsor illicit nuclear and missile programs.
Phishing, malware, code exploitation among other methods is used to target financial institutions. However, what is striking is that these actors also rely on advanced social engineering to siphon funds.
According to the World Economic Forum’s Global Risks report 2022, 95% of cybersecurity incidents can be traced to human mistakes wherein insider threats- intentional or accidental- represent 43% of all security breaches.