New employees the most susceptible to social engineering

Social engineering attacks are widespread, frequent and cost organisations thousands of dollars annually according to new research from security firm Check Point Software Technologies.

A survey of 850 IT and security professionals located in the U.S., Canada, U.K., Germany, Australia and New Zealand found almost half, 48 percent, had been victims of social engineering and had experienced 25 or more attacks in the past two years. Social engineering attacks cost victims an average of $25,000 - $100,000 per security incident, the report states.

"Socially-engineered attacks traditionally target people with an implied knowledge or access to sensitive information," according to a statement from Check Point on the survey. "Hackers today leverage a variety of techniques and social networking applications to gather personal and professional information about an individual in order to find the weakest link in the organisation."

Among those surveyed, 86 percent recognise social engineering as a growing concern, with the majority of respondents, 51 percent, citing financial gain as the primary motivation of attacks, followed by competitive advantage and revenge.

The most common attack vectors for social engineering attacks were phishing emails, which accounted for 47 percent of incidents, followed by social networking sites at 39 percent.

New employees are the most susceptible to social engineering, according to the report, followed by contractors (44 percent), executive assistants (38 percent), human resources (33 percent), business leaders (32 percent) and IT personnel (23 percent). However, almost a third of organisations said they do not have a social engineering prevention and awareness program in place. Among those polled, 34 percent do not have any employee training or security policies in place to prevent social engineering techniques, although 19 percent have plans to implement one, according to Check Point.