The human factor: Why you’re the new cyber target

The human factor: Why you're the new cyber target

By Todd Lukens, Chief Technology and Information Security Officer

An error occurred while preparing your download

Today's hacker groups aren't just exploiting software vulnerabilities - they're capitalizing on the rapid adoption of artificial intelligence (AI) and other emerging technologies to target people.

Their goal? To manipulate individuals, bypass security protocols and gain access to sensitive systems and data. And once they're in, they move quickly - escalating privileges, extracting data and sometimes locking down entire networks with ransomware.

If you use a phone, check email or log into company systems, you play a critical role in keeping your organization secure.

These threats aren't just technical, they're psychological. Attackers use impersonation, urgency and emotional pressure to gain trust and slip past defenses.

They might pose as a colleague, vendor or leader, asking for help in a way that feels familiar or time sensitive. These requests can seem harmless, but they're often designed to catch you off guard.

That's why awareness and instinct are powerful tools. You don't need to be a cybersecurity expert to make a difference. Slowing down, asking questions and following procedures can stop an attack before it starts.

Warning signs to watch for:

1. Unnecessary sense of urgency: "I need this right now or I'll be in a lot of trouble" Urgency is a classic manipulation tactic. Real emergencies are rare. If someone's rushing you, pause and verify.

2. Requests to bypass normal procedures: "Can you bypass the approval process just this once?" Legitimate requests follow legitimate channels. If someone asks you to break protocol, that's a red flag.

3. Too much personal information: "I'm calling from a coffee shop near the office because my laptop died and I spilled coffee on my phone." Scammers often over-share to build trust. These details are designed to sound relatable, but they're often fabricated.

4. Emotional manipulation: "This is a direct request from our CEO. I was put on point to see this through. Can you help me out?" Using urgency and emotion is a manipulation tactic used to get compliance through pressure, fear, or loyalty. Sometimes hacker groups go even further -- using deepfake audio and video to impersonate executives and make fraudulent requests appear legitimate. These AI-generated fakes mimic voices and faces with alarming realism, turning trust into a vulnerability.

5. Information fishing: "What system do you use for that? Who usually handles these requests?" These questions might seem harmless, but they're often a way to quietly gather intel.

Tips to stay safe

• Slow down: Hackers rely on urgency. Take a breath and verify.
• Trust your instincts: If something feels off, it probably is.
• Stick to procedures: They exist to protect you and the organization.
• Report suspicious behavior: Even if it turns out to be nothing, it helps build awareness and resilience.
• Talk about it: Share what you learn with your team. Security is a shared responsibility.
• Stay informed: For more details, visit Nationwide's Cyber Resource Center, which offers insights, best practices and education to safeguard your digital information.

Security isn't just a system, it's a mindset. By staying informed, alert and intentional in your actions, you can help protect your company's most sensitive information. Asking questions, following procedures and practicing good cyber hygiene will help build a safer, more resilient organization.

To learn more about Nationwide's technology organization, visit the Nationwide Technology & Innovation newsroom page.