{"id":371,"date":"2026-05-01T12:24:53","date_gmt":"2026-05-01T11:24:53","guid":{"rendered":"https:\/\/cisr.tech\/?p=371"},"modified":"2026-06-24T11:15:22","modified_gmt":"2026-06-24T10:15:22","slug":"non-technical-risks-social-engineering","status":"publish","type":"post","link":"https:\/\/cisr.tech\/index.php\/2026\/05\/01\/non-technical-risks-social-engineering\/","title":{"rendered":"Non-Technical Risks and Social Engineering"},"content":{"rendered":"\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-9cfd51922ad9098c1f00be13990f2f0e wp-block-paragraph\">Organisations continue to invest heavily in technical security controls such as firewalls, endpoint protection and intrusion detection systems. However, a growing proportion of successful attacks now bypass these controls by targeting people rather than technology.<\/p>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-0d2b5a00eb2745b0a2bde60cf056226c wp-block-paragraph\">This is commonly referred to as <strong>social engineering<\/strong>. It relies on manipulation of human behaviour\u2014such as trust, urgency, authority and routine decision-making\u2014rather than exploiting software vulnerabilities.<\/p>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-c64c90a712b05e4b24f4c9806f67c148 wp-block-paragraph\">As a result, human factors have become a primary attack vector, with security incidents increasingly originating from non-technical weaknesses.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-primary-color has-text-color has-link-color wp-elements-4e423e49264a59fe6d894c75ec70fbce\">Key non-technical risk factors<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-6f5d1de522ee7f2e85d58c5532a33291\">Trust in apparent authority (e.g. executives, suppliers, IT support)<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-1041b3ca246985c6858b324d6f3263c9\">Time pressure and urgency in decision-making<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-afa80c2d91ba99f6ac2bf44678ae1de7\">Limited verification of requests through secondary channels<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-9ed986c53b59b90f2e0d1de0268c4fb8\">Low awareness of evolving scam techniques<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-40be3ba8bb89e9aa65163a76c712d840\">Over-reliance on email, SMS and voice communications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading has-primary-color has-text-color has-link-color wp-elements-34d195dc58266f91237b0a10310c6de1\">Common attack methods<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-02f997b0523973fee40229efa250cda6\"><strong>Phishing \/ Spear phishing:<\/strong> Targeted messages designed to steal credentials or trigger malicious actions<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-23124d2b6cdb08d2432539381565b62d\"><strong>Business Email Compromise (BEC):<\/strong> Impersonation of executives or suppliers to initiate fraudulent payments<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-857e6749529a19fe7272598a13955928\"><strong>Smishing \/ Vishing:<\/strong> SMS and voice-based scams using urgency and impersonation<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-46be1c7c2688e37d3a2e5c4c3791a4b6\"><strong>Pretexting:<\/strong> Fabricated scenarios used to extract information or access sites &amp; offices<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-0df8c14afd6f259a169982bdd5286777\"><strong>MFA fatigue attacks:<\/strong> Repeated authentication prompts intended to force accidental approval<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Business impact scenarios<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-b652974354b659b76d653da043204e2c\"><strong>Individual compromise (financial loss):<\/strong> Users are tricked into entering credentials on fake sites, resulting in account takeover and direct financial loss.<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-ec4487e4e53785ca712ac4f78f9654f2\"><strong>Employee compromise (organisational loss):<\/strong> Staff authorise fraudulent payments based on impersonated executive requests, resulting in significant financial and reputational impact.<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-9b124d3dac0cead4c68e14772cdedefb\"><strong>Organisational breach (downstream impact):<\/strong> Compromised employee accounts enable access to sensitive systems and customer data, leading to regulatory exposure, legal liability and loss of trust.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading has-primary-color has-text-color has-link-color wp-elements-14f136a51d254e92971a4f209ad599dd\">Emerging trends<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-e755baaaa9c302fd25434a79db646cb0\">Increased use of AI to generate highly convincing phishing communication content<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-d76655c42fb726115515858e25ca9a4e\">Deepfake voice impersonation of senior stakeholders<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-54221818b8bb5286dda08336306ca230\">Coordinated multi-channel attacks (email, SMS, phone, on-site visits)<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-f467d7351f681b71d337b20a7cf8a2da\">Large-scale automated credential harvesting campaigns<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading has-primary-color has-text-color has-link-color wp-elements-7b0fe31ac844b4af0d3e1c3285139197\">Mitigation requirements<\/h3>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-b73a0ec26259ef2fefcacf7069af28be wp-block-paragraph\">Technical controls alone are insufficient. Effective reduction of risk requires:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-1ddf6582a2bb865b6c009a59b7fe80b2\">Mandatory verification procedures for financial and sensitive requests<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-d0da975ba59a240290b6fb9171b2b494\">Role-based access control and least privilege enforcement<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-ae9d0c052908f4a60d289cd699638f1f\">Continuous security awareness training with scenario-based testing<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-9e6a6bf7d5a80dcc2bcb486a44fd984a\">Clear, non-punitive incident reporting processes<\/li>\n\n\n\n<li class=\"has-primary-color has-text-color has-link-color wp-elements-757746ea1c698c73eac57726f2fb3acb\">Regular phishing simulation and behavioural reinforcement<\/li>\n<\/ul>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-2636e3cbb9614d73ed8ef0d5f62ad4e2 wp-block-paragraph\">The threat landscape has shifted from system-centric attacks to people-centric exploitation. Without addressing the human attack surface through structured controls and behavioural safeguards, organisations remain exposed regardless of the strength of their technical defences. <\/p>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-25389b0ee404cc4ab5fc64aa1f503b9e wp-block-paragraph\">CISR.Technical&#8217;s engineers specialise in all-domain systems hardening, communications, data, identity management and network security. All domain level security is massively increased and policies, processes and systems are built in adhere with <strong>Cyber Essentials+ certification<\/strong> standards as a bare-minimum. CISR.Technical provide <strong>higher level certification standards (ISO27001:2022, SOC2)<\/strong> can be achieved through additional works with clients and their technical infrastructure teams. <\/p>\n\n\n\n<p class=\"has-primary-color has-text-color has-link-color wp-elements-e457352820715dd565892517dcc86f8c wp-block-paragraph\"><a href=\"mailto:contact+site@cisr.tech\" target=\"_blank\" rel=\"noreferrer noopener\">Contact CISR.Technical for a consultation achieve your highest standards in cyber security compliance today.<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Organisations continue to invest heavily in technical security controls such as firewalls, endpoint protection and intrusion detection systems. However, a growing proportion of successful attacks now bypass these controls by targeting people rather than technology. This is commonly referred to as social engineering. It relies on manipulation of human behaviour\u2014such as trust, urgency, authority and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[30,28,25,29,27,9,26],"class_list":["post-371","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-manipulation","tag-non-technical","tag-phishing","tag-psychology","tag-se","tag-social-engineering","tag-vishing"],"_links":{"self":[{"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/posts\/371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/comments?post=371"}],"version-history":[{"count":12,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/posts\/371\/revisions"}],"predecessor-version":[{"id":526,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/posts\/371\/revisions\/526"}],"wp:attachment":[{"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/media?parent=371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/categories?post=371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cisr.tech\/index.php\/wp-json\/wp\/v2\/tags?post=371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}