{"id":67869,"date":"2017-04-19T09:00:24","date_gmt":"2017-04-19T16:00:24","guid":{"rendered":"http:\/\/blogs.microsoft.com\/microsoftsecure\/?p=67869"},"modified":"2023-05-15T23:04:17","modified_gmt":"2023-05-16T06:04:17","slug":"is-social-engineering-the-biggest-threat-to-your-organization","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/","title":{"rendered":"Is social engineering the biggest threat to your organization?"},"content":{"rendered":"<blockquote><p>&#8220;Always remember: Amateurs hack systems. Professionals hack people.&#8221; \u2013Bruce Schneier, CTO, Counterpane Internet Security, Inc.<\/p><\/blockquote>\n<p>All over the globe, social engineering is a dominant and growing threat to organizational security. Since January 2015, the number of social engineering victims <a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\/phoenix\/news\/press-releases\/fbi-warns-of-dramatic-increase-in-business-e-mail-scams\">identified by the FBI<\/a> has increased 270 percent, costing businesses more than $2.3 billion.<\/p>\n<p>Social engineering happens when a hacker uses manipulation, influence, or deception to get another person to release information or to perform some sort of action that benefits them. Essentially it just comes down to tricking people into breaking normal security procedures such as divulging a password.<\/p>\n<p>Some common types of social engineering include:<\/p>\n<ul>\n<li><strong>Spear phishing<\/strong> \u2013 sending an email that appears to be from someone you trust, such as the CEO or corporate IT, requesting you to take an action that makes confidential information vulnerable.<\/li>\n<li><strong>Dumpster diving<\/strong> \u2013 rummaging through the trash to try to find confidential information like design documents with IP information, marketing plans, employee performance plans, or even organizational charts and phone lists.<\/li>\n<li><strong>10 degrees of separation<\/strong> \u2013 appearing to have a shared connection you trust to make you feel more secure about <a href=\"http:\/\/www.csoonline.com\/article\/2123378\/identity-theft-prevention\/social-engineering--eight-common-tactics.html\">discussing confidential information<\/a>.<\/li>\n<\/ul>\n<p>No matter how strong your technical security is, your organization\u2019s people are often the most vulnerable link in the chain. But, with thorough, thoughtful, and regular education, they can also be your biggest asset in your fight against social engineering.<\/p>\n<p>To learn how to implement strong security policies and build a security-aware culture to help protect your organization from social engineering risks, check out the <a href=\"https:\/\/resources.office.com\/en-us-landing-social-engineering-ebook.html\">Insider\u2019s Guide to Social Engineering<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Always remember: Amateurs hack systems. Professionals hack people.&#8221; \u2013Bruce Schneier, CTO, Counterpane Internet Security, Inc. All over the globe, social engineering is a dominant and growing threat to organizational security. Since January 2015, the number of social engineering victims identified by the FBI has increased 270 percent, costing businesses more than $2.3 billion. Social engineering [&hellip;]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3663],"topic":[3687],"products":[],"threat-intelligence":[3736],"tags":[],"coauthors":[1957],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Is social engineering the biggest threat to your organization? | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is social engineering the biggest threat to your organization? | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"&#8220;Always remember: Amateurs hack systems. Professionals hack people.&#8221; \u2013Bruce Schneier, CTO, Counterpane Internet Security, Inc. All over the globe, social engineering is a dominant and growing threat to organizational security. Since January 2015, the number of social engineering victims identified by the FBI has increased 270 percent, costing businesses more than $2.3 billion. Social engineering [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-19T16:00:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:04:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Secure Blog Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Secure Blog Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/trustedcloudteam\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Secure Blog Staff\"}],\"headline\":\"Is social engineering the biggest threat to your organization?\",\"datePublished\":\"2017-04-19T16:00:24+00:00\",\"dateModified\":\"2023-05-16T06:04:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\"},\"wordCount\":266,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\",\"name\":\"Is social engineering the biggest threat to your organization? | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"datePublished\":\"2017-04-19T16:00:24+00:00\",\"dateModified\":\"2023-05-16T06:04:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Is social engineering the biggest threat to your organization?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Is social engineering the biggest threat to your organization? | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/","og_locale":"en_US","og_type":"article","og_title":"Is social engineering the biggest threat to your organization? | Microsoft Security Blog","og_description":"&#8220;Always remember: Amateurs hack systems. Professionals hack people.&#8221; \u2013Bruce Schneier, CTO, Counterpane Internet Security, Inc. All over the globe, social engineering is a dominant and growing threat to organizational security. Since January 2015, the number of social engineering victims identified by the FBI has increased 270 percent, costing businesses more than $2.3 billion. Social engineering [&hellip;]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/","og_site_name":"Microsoft Security Blog","article_published_time":"2017-04-19T16:00:24+00:00","article_modified_time":"2023-05-16T06:04:17+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png","type":"image\/png"}],"author":"Microsoft Secure Blog Staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Secure Blog Staff","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/trustedcloudteam\/","@type":"Person","@name":"Microsoft Secure Blog Staff"}],"headline":"Is social engineering the biggest threat to your organization?","datePublished":"2017-04-19T16:00:24+00:00","dateModified":"2023-05-16T06:04:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/"},"wordCount":266,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/","name":"Is social engineering the biggest threat to your organization? | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"datePublished":"2017-04-19T16:00:24+00:00","dateModified":"2023-05-16T06:04:17+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/04\/19\/is-social-engineering-the-biggest-threat-to-your-organization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Is social engineering the biggest threat to your organization?"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/67869"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=67869"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/67869\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=67869"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=67869"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=67869"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=67869"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=67869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=67869"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=67869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}