More than 95% of responding IT and security professionals believe social
engineering attacks have become more sophisticated in the last year,
according to a new social engineering survey conducted by LastPass, a leader in password and identity management solutions.
Recent advancements in artificial intelligence (AI), particularly
generative AI, have empowered cyber criminals to coordinate social
engineering assaults with unprecedented precision and customization.
Phishing and other types of social engineering attacks manipulate people
into sharing information they shouldn't or making other mistakes that
compromise their personal or organizational security.
Key findings from the survey:
- AI impact: More than 95% of respondents believe dynamic content
  through Large Language Models (LLMs) is making the detection of phishing
  attempts more challenging.
- Phishing threat: 81% of reporting businesses have seen an
  increase in phishing attacks in the past year. Phishing is projected to
  remain the top social engineering threat to businesses throughout 2024,
  surpassing other threats like business email compromise, vishing,
  smishing or baiting.
- Phishing testing programs: While 88% of respondents feel
  confident in their phishing testing programs, only 16% of users actually
  identify 75-100% of suspicious activity within these phishing testing
  programs. This difference points to a potential disconnect between their
  confidence and the actual effectiveness of the programs.
- Passkeys for resilience in the future: 78% of participating
  organizations recognize that replacing passwords with passkeys will
  enhance resilience against social engineering. Additionally, 96% of
  respondents plan to adopt passkeys, and many organizations are actively
  working to migrate employees away from passwords to mitigate social
  engineering risks.
- Password managers for resilience now: 61% of respondents use a
  password manager to prevent user credentials from being exposed via
  social engineering.
"In the evolving landscape of AI-fueled social engineering attacks, our
security practices must be just as adaptable as the threat itself," said
Alex Cox, director of threat intelligence at LastPass. "It's clear that
IT and security leaders recognize the salience of this threat, as well
as the ultimate solution to safeguarding their businesses' data: a
security future that is free from passwords."
Password management: Measures to protect against social engineering
Social engineering attacks are so popular because they are comparatively
easy to execute and have a high success rate. Businesses can more
successfully deter social engineering threats by understanding the
nuances of prevalent attacks like phishing, baiting, business email
compromise, and pretexting, and by educating employees accordingly.
Implementing proactive measures including password managers, MFA and
SSO, empowering employees with knowledge, and fostering a
security-conscious culture are essential to safeguarding the business.