Cybersecurity professionals face heightened risks as social engineering emerges as the leading method used by attackers to gain unauthorized entry into organizational systems. While technical defenses continue to evolve, human vulnerabilities remain a persistent target for malicious actors seeking financial gain or pursuing state-sponsored objectives. Persistent threat groups have shifted their tactics, with attackers employing increasingly sophisticated ruses to access sensitive information across a broad spectrum of industries. As organizations grapple with this trend, maintaining strong cybersecurity awareness and response strategies has become a key concern for leaders.
Recent reports differ from those released several years ago, which often highlighted malware, ransomware, or phishing emails as the top initial vectors. Social engineering’s predominance now reflects the growing complexity of attacks that combine technical prowess with psychological manipulation. Furthermore, the involvement of nation-states and criminal collectives marks a shift from previously more isolated or less organized incidents. The broader range of victimized companies also underscores the widespread nature of the threat compared to earlier periods, when specific industries were primarily targeted.
Unit 42 Observes Social Engineering Trends
Palo Alto Networks’ Unit 42 reports that 36% of the security incidents it investigated over the past year were initiated through social engineering techniques. The investigation encompassed over 700 incident response cases, ranging from small enterprises to Fortune 500 companies, with nearly three-quarters of these attacks affecting organizations in North America. Scattered Spider, also tracked as Muddled Libra, and North Korean threat actors have played key roles in exploiting this approach.
Which Groups Are Driving These Attacks?
Threat groups with differing motivations, from cybercrime collectives to nation-state actors, increasingly rely on social engineering. Financial motives accounted for the vast majority—93%—of these attacks. According to Michael Sikorski, Chief Technology Officer and VP of Engineering at Unit 42,
“We’re constantly engaged with them. It’s just been one after another is what it feels like to us.”
Notably, North Korean operatives have infiltrated the workforce at several multinational firms, using deceptive employment tactics to support their government’s finances.
How Does Social Engineering Impact Organizations?
Data exposure is a prevalent consequence, with social engineering attacks leading to compromised data in 60% of the incidents investigated—significantly higher than that of other intrusion methods. Attackers often target help desk staff, system administrators, and personnel with broad access privileges. Sikorski elaborates,
“Those people often have the privileges to everything that the attacker wants.”
These attacks leverage human trust and access, bypassing technical security layers.
Social engineering’s rise underscores an ongoing challenge in information security: human susceptibility. Cybersecurity teams are now required to expand training, maintain rigorous verification protocols, and routinely assess their incident response capabilities. It is also evident that attackers are refining their methods, focusing more on individuals positioned to facilitate access rather than solely exploiting technical flaws. Increased awareness and actionable safeguards, such as strengthening identity verification processes and educating employees, can help mitigate risks. As attack patterns continue to shift, keeping abreast of threat intelligence remains a vital practice for organizations intent on protecting their assets and data.