In the latest episode of Secure Insights, we sat down with Heather Benwell, Chief Marketing Officer at ChallengeWord, to discuss one of the most rapidly growing threats in cybersecurity today: social engineering.

Social engineering has evolved into one of the most dangerous and rapidly growing threats in modern cybersecurity. With a staggering 442% rise in voice phishing (vishing) and 98% of cyberattacks now leveraging some form of human manipulation,

the traditional security perimeter is no longer defined by firewalls and passwords, it’s defined by people.

“This is not just about phishing emails anymore,” warns Heather. “We’re talking voice cloning, deepfakes, AI-generated scripts, tools that make attackers frighteningly convincing.”

Social engineering exploits trust, urgency, and fear. Attackers create a sense of pressure, threatening consequences or offering rewards, to trick individuals into giving up credentials, transferring money, or clicking malicious links. And now, with advanced

AI tools in play, these tactics are more polished and harder to spot than ever before. Benoit’s company, ChallengeWord, is pioneering a new approach to combat this surge in real-time deception. Unlike traditional MFA, which verifies devices or credentials, ChallengeWord authenticates people, especially during voice interactions where social engineering thrives. The solution integrates with familiar SSO providers like Google and Microsoft, allowing users to validate callers using a pre-agreed

"challenge word."

“It gives people the power to challenge a potential impersonator without feeling awkward or accusatory.”

The statistics speak for themselves:

• 98% of all cyberattacks now involve social engineering.

• Organizations face more than 700 social engineering attempts annually.

• The average cost of a data breach in 2024 is $4.8 million.

The real-world impact of these tactics is devastating. Heather references the 2023 MGM breach, where attackers successfully impersonated IT staff to reset credentials and shut down critical systems causing major operational and financial fallout. Another case resulted in a $45 million settlement linked to a similar attack vector.

“These aren’t isolated incidents. They’re happening every day to companies of all sizes,” she says. “And they’re getting more personal, more targeted, and harder to detect.”

So, how can organizations fight back? She outlines a layered, people-first approach to defence:

• Adopt identity verification solutions like ChallengeWord.

• Train employees through regular phishing simulations and social engineering drills.

• Foster a culture of questioning, where staff feel empowered to double-check requests, even from internal sources.

“I know a cybersecurity expert who got phished despite having access to breach data,” Heather admits. “The point is, no one’s immune. The moment we get complacent is the moment we get compromised.”

Today it’s no longer enough to just invest in stronger firewalls or smarter AI filters. Human behaviour is both the biggest risk and greatest opportunity in cybersecurity. As attackers evolve, our defences must be built not just on tech but on trust, training, and smarter identity checks.

“Attackers are getting smarter,”. “So must we.”

Check out the full episode with Heather:

Spotify: https://lnkd.in/eHSj6949

Amazon: https://lnkd.in/eaNPmsHM

Apple: https://lnkd.in/eSgCUfBP