Social engineering and hacker mindsets: what defenders need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Attackers are evolving tactics faster than many traditional defenses can absorb, while social engineering remains a dominant entry method and defender lesson source, according to Abnormal AI’s Innovate 2025 webinar with Sherrod DeGrippo. The practical takeaway is that security programmes must treat human decision paths, not just technical controls, as part of the attack surface.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams reduce social engineering risk in identity workflows?

A: Security teams should remove unnecessary human discretion from identity-critical processes such as recovery, approval, and escalation.

Q: Why do social engineering attacks keep working against modern IAM controls?

A: They keep working because many IAM controls still depend on a person making the right decision under pressure.

Practitioner guidance

  • Map human decision points in identity workflows: identify every approval, reset, escalation, and exception path where a person can be persuaded to grant access or reveal a secret.
  • Harden help-desk and reset procedures: require stronger identity proofing before account recovery, password reset, or MFA re-enrolment.
  • Limit approval-based access by default: use policy and workflow design to reduce real-time approval dependency for sensitive access.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The live discussion of attacker mindset and how threat actors adapt their social engineering tactics over time.
  • The speaker's practical guidance on what defenders should look for when anticipating the next wave of advanced threats.
  • The session's on-demand format and ISC2 CPE eligibility for practitioners who need to combine learning with continuing education.
  • The webinar framing around why social engineering remains a dominant weapon and how to counter it in day-to-day defence work.

Watch Abnormal AI's on-demand webinar on social engineering and attacker adaptation.

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8214
 

Social engineering is an identity governance failure, not just a user-awareness problem. When attackers can influence approval, reset, or delegation decisions, the control failure sits inside the identity process itself. That makes IAM, PAM, and service desk workflows part of the threat model, not merely adjacent support functions. Practitioners should treat social engineering as a governance issue that must be designed out where possible.

A few things that frame the scale:

  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, which shows how often human behaviour still undermines technical controls.

A question worth separating out:

Q: How can teams tell whether identity processes are too easy to manipulate?

A: Look for repeatable manual steps, permissive recovery flows, and approvals that can be rushed without independent verification. If an attacker can predict the sequence from persuasion to access, the process is too dependent on trust and too lightly governed.

Read our full editorial: Social engineering outpaces traditional defenses in threat strategy.
