Social tactics includes phishing and other related social engineering activities.  Basically, social tactics are methods used to penetrate an organization’s cybersecurity defenses by attacking the human.  The employee is often considered the weakest link in the security chain.  The primary reason that the employee is often a security risk is that it is very difficult to ensure the behavior of an individual.  Attackers use a variety of methods to trick employees into performing an action such as installing malicious software, divulging non-public information, or performing an unauthorized transaction. 
Social Tactics Remain A Threat
The annual Internet Security Threat Report (ISTR) from Symantec provides key statistics on various threats facing organizations today.  With regards to social tactics, several key statistics are outlined below.
 
  •     65 percent of attacker groups used spear phishing as the primary infection vector. (pg. 49)
  •     Phishing URLs were 1 in 170 of all URLs in 2018. (pg. 48)
  •     1 in 36 mobile devices has high-risk apps installed. (pg. 41)
  •     The email phishing rate is the highest for organizations less than 250 employees at 1 in 2,696. (pg. 28)
  •     The rate of employees target by phishing is highest at smaller organizations at 1 in 52. (pg. 28)
  •     The malicious email rate, 1 in 323, is the highest at smaller organizations (pg. 25)
  •     Scripts are the most common malicious file attachment at 47.5 percent. (pg. 27)
  •     Office files account for 48 percent of malicious email attachments. (pg. 24)
In today’s threat environment, organizations of all sizes must address the human element of cybersecurity.  By performing security awareness training and testing, an organization can augment technical controls and build a layered defense addressing social tactics.  PhishingBox provides tools and resources, including our downloadable guide on key security controls to implement.  In addition, PhishingBox provides security awareness training and testing solutions.  If you don’t have the time or resources to implement controls yourself, talk to us about our Socially Secured program, which provides fully managed cybersecurity awareness training and testing.