Social Engineering: The Human Side of Cybersecurity

Your people are your biggest attack surface - and your last line of defence. Here is how to build a security culture that turns users from liability into asset. Last year, a finance director at a mid-sized retailer received a call from someone claiming to be from the company IT support. The caller knew the director name, their direct dial, and the name of the email provider. Within 12 minutes, the director had handed over credentials that gave attackers access to the accounting platform, the ERP system, and the backup infrastructure. The breach cost GBP 2.3 million and took eight months to fully resolve. No malware was involved. No zero-day exploit. Just a phone call and carefully researched pretexting. This is social engineering - and it remains the most effective attack vector in modern cybersecurity, precisely because it exploits the one variable that technical controls cannot fully govern: human behaviour. Why Technical Controls Are Not Enough Most organisations have invested heavi