The Rise And Stealth Of The Socially Engineered Insider

Forbes Technology Council

Mohan Koo, Dtex Systems co-founder and president.

Social engineering has become the go-to tactic for foreign adversaries, affording the ability to access and steal data and IP quickly, easily and at scale. This is largely due to social platforms, generative artificial intelligence (GenAI) and foreign talent programs. Judging by our company's own investigations and the headlines, it’s clear the biggest target is the insider—the employee or contractor with privileged access to sensitive intel. In the wrong hands, that information can be weaponized to wreak havoc on critical infrastructure, undermine confidence and even jeopardize national security.

Social engineering occurs when an adversary with malicious intent outsmarts or tricks an otherwise well-meaning individual into disclosing sensitive data for the adversary's gain. That gain might be financial, ideological, political or otherwise. Sometimes it’s a mix of reasons.

We’ve seen a steep rise in the number of organizations explicitly wanting support in countering foreign interference and IP theft, especially among technology, pharma, and critical infrastructure industries. Perhaps the biggest threat and concern relates to foreign talent plans, where nation-states recruit, plant and pay their own civilians to take high-value data from another organization in exchange for money.

In the eyes of an adversary, if the data can be exploited to boost their own national, military or economic advantage, then it’s worth paying for.

This insidious form of social engineering can play out in any number of ways.

In one scenario, an "agent" is planted and tasked with taking data without even realizing the malicious nature of what they are doing (at least not until it’s too late and the authorities come knocking at their door). In other scenarios, the agent (or the agent’s family) might be lured or even blackmailed to steal data. Other times the agent might already be malicious and have an agenda of their own.

Once inside, the agent can abuse their position to socially engineer other insiders to gain data access. In any case, any insider misstep or oversight is rife with opportunities to conduct espionage, IP theft or system sabotage.

Tech Puts Social Engineering On Steroids

AI, large language models (LLMs) and social platforms exacerbate the threat. While the rise of such technology has spurred enormous benefits for workforce productivity and profitability, the same tech is being used to accelerate social engineering outreach at a fraction of the cost and effort of traditional advanced persistent threats (APTs).

Using GenAI and LLMs, threat actors can create personable, grammatically flawless emails that appear indistinguishable from what the genuine sender would typically write. They can create and send phishing attacks at unprecedented speed and scale. Then there are the risks associated with networking sites. Too often, we hear about an agent posing as a credible authority on LinkedIn. They’ll target and start an exchange with a company insider, grooming them before offering an opportunity involving information exchange in return for financial remuneration.

All it takes is one insider to take the bait to unwittingly reveal sensitive intel to a malicious actor with the intent and capability to cause harm.

The risks of deepfakes also should not be taken lightly. The ability of such tech to undermine truth and dismantle stability is something no entity can afford to ignore, especially against a backdrop of persistent geopolitical tensions.

Blurred Lines: Insider Risks Meet External Threats

Taking this into account, it’s no wonder so many threat actors are increasingly leveraging social engineering rather than focusing on malware alone. The fact is most organizations now have sufficient defenses to protect against "external" malware attacks. This makes it even more expensive and difficult for threat actors to execute them successfully. At the same time, organizations have gotten smarter about how they address ransomware, with many now refusing to pay up.

This isn’t to say that ransomware or malware are no longer threats. The opposite is probably true: they are made worse and more effective by the human element combined with new tech and the inner motivations of threat actors. And that’s the point: When there’s a data breach, there is almost always a human involved, and increasingly with an element of social engineering.

This mixing of vectors and tactics has created a precarious and complex threat landscape where the lines between internal and external threats have become extremely blurred.

Staying Resilient From The Inside Out

To date, most organizations have underfunded their insider risk programs—but this is changing. The momentum around insider risk management has never been greater, as risk leaders increasingly understand that a proactive approach to preventing security incidents is no longer a pipedream.

By leaning into behavioral science, risk leaders can better understand the risks they are dealing with—whether internal, external, socially engineered or otherwise. By embracing the good in AI, risk leaders can fight fire with fire by accelerating their own investigation efforts. By educating employees on social engineering tactics and motivations, organizations can foster an educated workforce that is equipped to outsmart those tasked with espionage. Finally, by fostering bidirectional loyalty with a trusted, respected, protected, valued, and engaged workforce, organizations can turn their employees into their strongest line of defense, giving them purpose and conviction to do right by the company.

But countering threats from the inside out cannot be limited to business lines. Bridging the information-sharing gap between public and private sectors will be key to uplifting protective security resilience and keeping our most mission-critical establishments safe from foreign interference and social engineering.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

