October is the European Cybersecurity Month (ECSM), a month dedicated in sharing knowledge and raising awareness on navigating the digital world safely. The initiative is coordinated by the EU Agency for Cybersecurity (ENISA) and supported by the European Commission and the EU Member States and includes promotional events across Europe.

Under the ECSM umbrella theme ‘Social Engineering’, which continues for second year, ENISA will be promoting materials created by Member States on scams, AI & deepfakes, smishing, secure settings and materials for students.

In addition, ENISA is producing a series of mini-interviews with representatives from EU Member States, on the ways that their different cultures and mentalities influence the character of cybersecurity awareness campaigns and target-audience approach.

Social Engineering: What you need to know

This threat category encompasses a wide range of activities that attackers deploy when attempting to gain access to either information or services through exploiting human error or behaviour. The key characteristic of this method is the use of manipulation techniques to trick potential victims into mistakenly sharing sensitive or private information. Usually, users might be lured to open documents, files or e-mails, to visit websites or to grant access to systems or services.  Social engineering can take place through various ways, including phishing, smishing, vishing, baiting and pretexting

The 2024 ENISA Threat Landscape report revealed that phishing, along with pretexting via email, remains one of the most important initiation vectors, meaning that they continue to be a primary cause of extended cybersecurity incidents. Findings indicate that, especially during the end of 2023 there was still a notable increase in social engineering incidents. According to the threat actor trends that the report highlights, both state-nexus actors and cybercrime actors use phishing to target identities and credentials.

In Belgium we do as Herstappe and keep cybercriminals out!