Check Point just released a survey conducted by Dimensional Research about the security threat posed by social engineering. The survey found:
The threat of technology-based security attacks is well understood, and IT organizations have tools and processes in place to manage this risk to sensitive corporate data. However, social engineering attacks are more challenging to manage since they depend on human behavior and involve taking advantage of vulnerable employees.
The survey found that breaches initiated by social engineering attacks were costly, particularly to large organizations:
- 48% of large companies and 32% of companies of all sizes have experienced 25 or more social engineering attacks in the past two years
- 48% of all participants cite an average per incident cost of over $25,000
- 30% of large companies cite a per incident cost of over $100,000
The leading social engineering attack profile was phishing. The survey defined phishing as pretending to be a trustworthy entity in an electronic communication. As this graph from the survey report shows, phishing predominates the attack profile, almost equaling all the other social engineering schemes combined.