Does Social Engineering Really Work?
Does social engineering really work? Yes, I believe it does. I believe social engineering in the context of cybercrime works for two main reasons. Firstly, it targets what I think is the weakest link in any digital security system, the human. Secondly, it has been around since humans have existed, and it is still used to this day. Why? Because it works. The reason for this is that social engineering doesn’t just involve digital threats like phishing or ransomware; it also sometimes involves manipulating humans, more specifically, manipulating them by taking advantage of their qualities or emotions.[1] Social engineering is used and works all the time, by everyone. Whenever we try to get someone to give us something or do something for our benefit, we are social engineering.[2] [1: Jovi Umawing, 'Social Engineering Attacks: What Makes You Susceptible? - Malwarebytes Labs' (Malwarebytes Labs, 2019) accessed 13 October 2019.] [2: Christopher Hadnagy, Social Engineering (Wiley Pub 2011) Ch. 1.]
One of the most common forms of social engineering, phishing, tries to take advantage of human rashness and recklessness.[3] Phishing scams may try to trick users by getting them to click on links and attachments that seem legitimate but are actually not. These types of scams are so successful due to the sense of urgency created in an individual.[4] This technique is especially effective due to the fast-paced world that we currently live in. We consume information at an unprecedented speed and due to this, phishing is highly effective. [3: Ibid (n 1).] [4: Nabie Y. Conteh and Paul J. Schmick, 'Cybersecurity: Risks, Vulnerabilities And Countermeasures To Prevent Social Engineering Attacks' (2016) 6 International Journal of Advanced Computer Research 32.]
There is irrefutable evidence to suggest that social engineering works. The cost of cybercrime and economic espionage to the global economy is more than $445 billion annually, or almost one percent of total global income.[5] If even one percent of this is through the use of social engineering, it would account for tens of billions of dollars in annual losses. Therefore, it cannot simply be overlooked. Furthermore, it cannot simply be said that social engineering doesn’t work. It can easily be inferred from the above data that social engineering is not just working, it is working very well. [5: Ibid.]
Social engineering also takes advantage of some innate human characteristics and emotions, such as fear and desire. Ransomware tries to scare people into paying sums of money; if the money is not paid, individuals are locked out of their own digital devices, and consequently their data. The advance-fee scam still works to this day because it appeals to the human desire for money and takes advantage of people’s greed. Catfishing scams are also very powerful because they involve a cybercriminal pretending to be someone they are not in order to develop a fake, online, romantic relationship with an individual, usually with the aim of either wasting someone’s time or extracting money from them. These types of scams will always continue to work because humans will always be born with, and will naturally develop, innate characteristics and emotions which make them vulnerable to these types of attacks. No technical countermeasures can eliminate the human vulnerability.[6] These scams still exist because they still work. If they didn’t work anymore, they wouldn’t exist. [6: Ibid 33.]
Another form of social engineering is tailgating. This attack targets those who have the ability to grant or gain access to a restricted area; the attacker may impersonate delivery personnel or others who may require temporary access.[7] This type of attack takes advantage of general human decency and common courtesy. It gives criminals access to restricted areas from where a large amount of data can be stolen and from where viruses and malware can be installed onto an organization’s machines. This allows for further spying by the cybercriminal. What may start off as a social engineering attack can soon balloon into a threat that is much bigger and much more dangerous. Again, this type of attack also takes advantage of the fast-paced environment that we live in. We often don’t question or stop people who look like they know what they are doing and who look like they belong in a certain place. [7: Ibid 32.]
There are preventative measures that may be used to stop social engineering attacks from working. However, these measures have their own problems, and therefore social engineering still works. For example, companies could provide all their employees with security training and teach them how to identify social engineering attacks and how to prevent them. This would condition employees to be cautious, keep a close eye on everything, and allow them to easily identify social engineering attacks. However, a lack of resources is perhaps the leading contributor to the exponential growth of social engineering and cybercrime. Not a lot of organizations have the resources to implement thorough security training and invest in anti-cybercrime solutions. “While the cost of cyber victimization is nearly a half trillion dollars, it has not hurt global economies enough and may even be in the realm of appearing as a cost of doing business.”[8] Unless social engineering and cybercrime become unbearable and heavily eat into the profits of companies, they probably won’t take action. [8: Ibid 33.]
Despite all of this, the best way to combat social engineering is to simply develop the knowledge that people have about socially engineered attacks.[9] Unfortunately, no matter what sort of measures are put into place to prevent social engineering, once cybercriminals are aware of the countermeasures taken by an organization, they can develop new methods of social engineering that most people would be unfamiliar with.[10] Furthermore, as I have mentioned already, humans are the weakest link in any countermeasures taken against social engineering. Hackers can engineer their attacks towards specific people based on data that they have already collected.[11] For example, employees that are anxious, angry, vulnerable, and/or depressed have a higher chance of responding to phishing emails.[12] Additionally, extroverted people are more likely to give out information easily; these types of people leave behind personal information and digital footprints which can be used by hackers to gain access into the target organization.[13] Employees also develop complacency in that they trust their company’s IT infrastructure too much and are therefore more susceptible to attacks.[14] Another factor that causes organizational vulnerability is the fact that some employees just don’t care enough and simply lack the motivation to protect their organizations from socially engineered attacks.[15] Even if organizations were able to successfully implement measures against social engineering and were able to get their employees to perfectly adhere to these measures, it would still not make them invulnerable.[16] Criminals are always developing new methods of social engineering which individuals will be unaware of no matter how much training they receive.[17] [9: Hussain Aldawood and Geoffrey Skinner, 'Reviewing Cyber Security Social Engineering Training And Awareness Programs—Pitfalls And Ongoing Issues' (2019) 11 Future Internet.] [10: Ibid 3.1.4.] [11: Ibid 3.1.6.] [12: Ibid.] [13: Ibid.] [14: Ibid.] [15: Ibid.] [16: Ibid.] [17: Ibid.]
In conclusion, the answer to the question as to whether social engineering really works is a resounding yes. Through my research, I have learned that social engineering in the context of cybercrime is highly effective. It is simply the use of a system that has worked on humans for the past hundreds of thousands of years, only this time it is applied to successfully carry out cybercrime. The essence of social engineering, I believe, is the manipulation and exploitation of innate human characteristics and emotions. For as long as humans exist, social engineering will work on them. Humans are the weakest link in any security system in the world. There are many ways that individuals and organizations have tried and continue to try to prevent social engineering. Despite this, social engineering is as prevalent as ever and the same scams that have worked for ages continue to work to this day. I don’t believe that social engineering will ever be eliminated, and that is because humans will always be humans, and humans will always have emotions and weaknesses. Humans will always make mistakes. Therefore, they are much easier to “hack” than any computer system. That is why they are socially engineerable.