Artificial Intelligence & Machine Learning , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development

Social Engineering Defenses in the AI-Enabled Attacker Era

Attackers Scale Up Automation, Use of Stolen Personal Data, Says Sharon Conheady
Sharon Conheady, director, First Defense Information Security

Criminal use of social engineering at scale continues to surge, as AI-driven automation and easy access to stolen personal information enables attackers to create ever-more sophisticated and tough-to-detect assaults, says Sharon Conheady of First Defense Information Security.

See Also: Global Threat Report 2024: Executive Summary

"Nearly every hack we see now has a social engineering aspect," said Conheady, a Black Hat Europe conference review board member in charge of the human factors track.

"When social engineering started out, it was kind of a nice thing. It was a fun thing. People got a bit of a kick out of it from our side of things," she said, referring to the research community.

All of that has changed, thanks to attackers' ability to combine automation and artificial intelligence-driven tooling with the inexpensive availability of people's stolen personal information to rapidly create very sophisticated and customized phishing campaigns and other schemes. "Now the sheer scale of it, the tools and technology that attackers have to support them, it's just off the charts," she said. "Eventually, it's always successful."

In this video interview with Information Security Media Group at Black Hat Europe 2023, Conheady also discussed:

  • How and why the cybersecurity industry needs to be kinder, especially as criminals get "nastier and nastier";
  • The inevitable tension between employees whose job it is to help people - such as help desk staff or hotel receptionists - and the need to defend against social engineering attacks against them;
  • How technical controls can best be used to blunt attacks that include a social engineering component.

Conheady specializes in the human side of security and has socially engineered her way into dozens of organizations across the U.K. and abroad, including company offices, sports stadiums, government facilities and more.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.