A majority of cyber security executives say their organizations might have been victims of at least one targeted social engineering attack in the past year, according to a new study by Information Security Media Group (ISMG) on behalf of security company Agari.

The study is based on a survey of more than 200 executives, and about two thirds (65%) of those organizations that were attacked via social engineering say that employees' credentials were compromised as a result of the attacks. In addition, financial accounts were breached in 17% of the attacks.

While traditional attacks leverage technology-based system vulnerabilities, such as software bugs and misconfigurations, social engineering attacks take advantage of human vulnerabilities by using deception to trick targeted victims into performing harmful actions, the report noted.

Examples of social engineering attacks, which are typically launched through email, include phishing, spear phishing and business email compromise.

Nearly 90% of those surveyed have seen either a steady pace or an increase in spear phishing and other targeted email attacks in the past year. Roughly half of the respondents rate the effectiveness of the current controls they deploy to defend against social engineering attacks as average or below, with 20% admitting they didn't know if their brands have been used in social engineering attacks on customers or partners.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access