In 2025, social engineering remains the primary vector for cyber-attacks. While organisations continue investing in sophisticated cyber security technologies, many still underestimate cyber criminals' preference for exploiting human vulnerabilities, with the manipulation or bribing of employees being a highly effective attack strategy.
Approximately 98% of cyber-attacks leverage social engineering, particularly phishing. With high-profile attacks like the M&S and Co-Op breaches in the UK highlighting persistent gaps in preparedness, the threat landscape demands increased vigilance and proactive security measures.
A high-profile reminder: Marks & Spencer attack
In July, Marks & Spencer confirmed that a sophisticated social engineering attack resulted in a severe ransomware breach.
Threat actors from the Scattered Spider group impersonated one of the 50,000 people working with the company to trick a third-party entity into resetting an employee's password. This allowed cyber criminals to infiltrate the network, resulting in a data breach that exposed 150GB of sensitive data and caused significant operational disruption, with projected financial losses exceeding £300 million.
The persistent internal threat
Hybrid work models have expanded the risk landscape, making employees working offsite particularly vulnerable. Cyber criminals exploit remote work environments through targeted phishing attacks, identity impersonation, and MFA bypass tactics, significantly increasing the potential for credential harvesting and unauthorised access to critical systems.
Organisations must proactively address these threats through targeted education and security measures to protect their critical assets.
Employee education: turning your staff from target to shield
Employees are your first line of defence against social engineering threats. Regular communication, robust training sessions, and simulated phishing exercises help build awareness and resilience.
Key best practices include:
- Avoid clicking links or opening attachments from unknown senders.
- Never disclose sensitive information via phone, email, or SMS.
- Cross-verify identities through multiple channels before sharing information.
- Implement multi-factor authentication (MFA).
- Regularly update antivirus and malware protection.
Creating a positive workplace culture also reduces employee susceptibility to bribery or manipulation, decreasing insider threat risks.
Proactive threat hunting with managed detection and response (MDR)
Human error is inevitable, so proactive threat detection is crucial. Organisations face high volumes of phishing attacks that often overwhelm internal security teams.
Partnering with a Managed Detection and Response (MDR) provider like Integrity360 can significantly enhance security by:
- Continuously monitoring for phishing and social engineering attacks.
- Swiftly identifying and isolating threats.
- Allowing internal teams to focus on strategic security tasks.
How Integrity360's cyber security testing services help
Integrity360’s comprehensive Cyber Security Testing services directly address the vulnerabilities exploited in attacks like the M&S breach. Our specialised services include penetration testing, security audits, and realistic social engineering assessments that replicate phishing, impersonation, and other human-focused attack methods.
Detailed reports from these assessments provide actionable insights, allowing organisations to enhance employee training, tighten protocols, and fortify defences against future attacks.
Discover how Integrity360’s expert social engineering testing services can protect your business.
Strengthening defences in hybrid environments
To effectively combat the evolving threat of social engineering:
- Regularly train and test employees, including remote workers.
- Review and reinforce helpdesk identity verification protocols.
- Enhance detection and response capabilities with MDR.
- Continuously evaluate security through Integrity360’s testing services.
Integrity360 is your partner in reducing risk and strengthening defences against social engineering attacks.
Ready to enhance your security posture? Contact Integrity360 today to arrange your assessment and safeguard your organisation.