Cybercriminals are no longer just hacking systems — they’re hacking people.
The latest 2025 Unit 42 Global Incident Response Report: Social Engineering Edition from Palo Alto Networks reveals an alarming trend in the world of cybersecurity: attackers are now focusing less on breaking through technology, and more on exploiting human trust.
According to the report, 36% of cyber incidents handled between May 2024 and May 2025 began with some form of social engineering — tactics designed to trick individuals into giving up access or sensitive data.
Social Engineering: The New Frontline of Cybercrime
While phishing remains a well-known threat, Palo Alto Networks’ research shows that attackers are getting creative. Over a third of all social engineering cases now use non-phishing methods, including SEO poisoning, fake system prompts, and help desk manipulation — all designed to mislead users into compromising their own devices.
The report outlines two major types of attacks emerging in 2025:
- Targeted and high-touch compromises – where attackers impersonate employees or manipulate help desks using stolen identity data and even real-time voice lures.
- Broad, at-scale deception campaigns – such as ClickFix, fake browser updates, and malicious search results that reach users en masse.
The Alarming Numbers Behind the Trend
- 13% of critical alerts were either missed or incorrectly classified, giving hackers time to exploit weak points in identity recovery workflows and internal systems.
- Over 50% of incidents led to data exposure or operational disruptions, resulting in lost productivity and financial strain.
- Generative AI has accelerated the sophistication of these attacks, with 23% involving voice or callback techniques.
- A staggering 93% of cases were financially motivated, showing that human-centered attacks remain a low-cost, high-reward tactic.
- Top targeted industries include manufacturing (15%), professional/legal services (11%), wholesale/retail (10%), and financial services (10%).
The Philippine Context: A Growing Need for Cyber Awareness
Here in the Philippines, issues such as identity-related fraud, illegal access, and data interference remain widespread. These threats are often powered by the same social engineering tactics described in the report.
The National Cybersecurity Plan 2023–2028 continues to address these risks through enhanced response teams, incident protocols, and nationwide awareness programs — but experts say awareness alone isn’t enough.
“The biggest vulnerability in cybersecurity isn’t the technology itself — it’s trust,” said Philippa Cogswell, Vice President and Managing Partner for Unit 42, Asia-Pacific & Japan. She explained that attackers now use AI to scale deception, exploiting gaps in identity management and human behavior.
“To truly protect organizations, we need to build resilience that safeguards not just systems, but people and processes as well,” she added.
How Organizations Can Build Cyber Resilience
The Unit 42 report emphasizes that companies should move beyond awareness campaigns and invest in systemic resilience. Key recommendations include:
- Strengthen identity security – Use identity-based analytics and ITDR (Identity Threat Detection and Response) to flag abnormal logins or MFA misuse.
- Adopt Zero Trust access – Limit privileges, apply conditional access, and segment networks to prevent lateral movement.
- Secure human workflows – Train frontline teams to recognize impersonation, pretexting, and voice-based scams, especially in help desk and identity recovery processes.
- Expand monitoring beyond email – Keep an eye on browsers, DNS activity, and collaboration platforms to detect fake prompts and SEO traps before they spread.
Protecting People as Much as Systems
As digital threats evolve, it’s clear that cybersecurity is no longer just an IT issue — it’s a human issue. For Filipino businesses, this means training employees, enforcing secure access, and partnering with cybersecurity experts to stay ahead of modern threats.
To learn more, you can download the full report from Palo Alto Networks’ Unit 42: