#2: Technology Is Rapidly Accelerating the Sophistication of Social Engineering Techniques and Attacks
Frank Abagnale, a reformed con artist whose 1960’s exploits were immortalized on film in Catch Me If You Can, has spent more than 50 years studying and employing social engineering techniques. He has seen major advancements in technology over the decades and has said many times, “What I did 50 years ago as a teenage boy is 4,000 times easier to do today because of technology. Technology breeds crime. It always has, and always will.”
The simple reality is that the new devices, software, and services that make our lives easier also make it easier for hackers and fraudsters to commit crimes. A late-2016 New York Times article explored the threat potential associated with the evolution of artificial intelligence. The piece noted that James R. Clapper, then the US Director of National Intelligence, cautioned that though AI is destined to simplify some things, it will “also expand the vulnerabilities of the online world.”
It is a wicked cycle; new technology becomes mainstream and cybercriminals work to exploit it. Unfortunately, technical advances aren’t as successful at protecting against social engineering attacks as they are at enabling them. As Abagnale once told SearchCloudSecurity, “There is no technology in the world, nor will there ever be, that beats social engineering.”
#3: Everyone Is a Potential Target
It's critical that you realize that you are not exempt from social engineering; you are a target. This is not just a “big business” problem:
- A 2016 study by the UK’s Federation of Small Businesses showed that social engineering is extremely taxing to small businesses. The report indicated that “smaller firms are collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.”
- Millennials have been raised with technology, which has led them to be highly reliant on their devices — and they often opt for convenience over security. A recent Raytheon survey showed that, though these users are tech-savvy, they freely share passwords and use open-access WiFi, even though they know the risks involved.
- If you are reading this, you have access to a device and electronic data, and both of those things are of interest to a cybercriminal. According to the Identity Theft Resource Center, between 2005 and October 25, 2017, there were more than 8,100 data breaches in the U.S. that put personally identifiable information (names, Social Security numbers, medical information, passwords, etc.) at risk. More than 1 billion records have been breached during that same time frame.