
Mid-Year Cybersecurity Checkup

July 15, 2025 | August 18th, 2025

If you’re like us, you can’t believe we are already halfway through the year! It’s the perfect opportunity to analyze not only how much we have accomplished, but where we are at with our cybersecurity posture. How have we been doing these past 6 months? What can we improve upon? No matter what your answers are, the truth is that humans remain one of the most targeted and vulnerable points of any security strategy. This can be seen in the rise of targeted social engineering attacks, as well as AI-driven deception tactics. These factors plus others show how vital it is for us to stay on top of security. With that in mind, let’s review some key trends from the first half of the year, discuss potential threats, and prepare for the rest of 2025.


H1 2025 in Review: Social Engineering on the Rise

According to Keeves.com, vishing attacks have increased by 40% so far in 2025. Additionally, AI-driven social engineering attacks grew by 50%. Ease of access to AI is only making the threat landscape more dangerous. As if these statistics aren’t jarring enough, the current economic uncertainty lends itself to growing insider threats.

Social engineering continues to bypass technical defenses by weaponizing trust. Rosa Rowles, Human Risk Analyst at Social-Engineer, LLC, says: “Malicious actors use influence techniques such as authority, urgency, fear, reciprocity, and other biases to socially engineer behaviors and get individuals to take an action that they normally would not, such as surrendering sensitive information they’d never intentionally give away. Given the rise of AI-driven social engineering attacks, it emphasizes the need for increased awareness and continued training based on realistic attacks.”

Your Mid-Year Checklist: 5 Human-Focused Security Actions

Noting the above information, it is more important than ever to increase our company’s security. How can we do this? Let’s look at 5 human-focused security actions.

1. Run a Baseline Social Engineering Assessment

Simulated phishing, vishing, smishing, and impersonation exercises have never been more necessary than they are today. Training and testing your employees on how to respond to real-world threats is one of the best ways to strengthen your human firewall.

2. Update and Personalize Training

Different employees in different roles need different training. Move beyond a one-size-fits-all approach to adaptable testing. Science has shown that Computer Based Training is not effective, although it is the easiest to roll out.

3. Reinforce a Non-Punitive, “Pause and Verify” Culture

Encourage deliberate decision-making and open communication with a focus on reporting suspicious messages.

4. Review Incident Response Plans with a Human Focus

Include behavioral indicators, escalation paths, and social engineering scenarios. Include your IR folks in these discussions to figure out how to ease their burden during testing and ensure corporate messaging stays aligned.

5. Audit Your Leadership Communication

Ensure that those in leadership and those who are high-value targets understand impersonation risks and have extra safeguards by utilizing advanced offensive security testing specifically targeted to them.

Prepare for Q4 Threats Now

Preparing for Q4 threats now is vital, as we often see a surge in social engineering attacks in this quarter due to the holidays, financial deadlines, budget changes, employee turnover, and distractions. Along with the above suggestions, you could also gear up by launching or preparing training campaigns in the late summer. This added awareness will help your company handle the rise in social engineering attempts.

Your Greatest Defense

Humans may be the most targeted point of your security posture, but they can also be your greatest defense.

Proper testing, training, and a positive security culture will only help to strengthen your human firewall. If you follow through with the mid-year checkup, this proactive move will steer your security in the right direction and ensure your company not only survives but thrives.

Need help assessing your human risk surface? Let’s talk. Reach out to the professionals at Social-Engineer, LLC at any time for tips, help, personalized quotes on our various tailored services, or information on our upcoming security conference. Together, we’re the strongest firewall.

Written by
Shelby Dacko
Human Risk Analyst, Social-Engineer, LLC
