In their latest research, Unit 42 explains that many social engineering attacks don’t need advanced hacking tools. Instead, they work because of three main weaknesses: low detection coverage, alert fatigue, and organisational failures.
Low detection coverage means security tools and monitoring produce no signal for many attacker actions, or produce signals that are weak and hard to connect to a real threat. In practice, attackers move around inside a network or abuse account recovery steps without any alerts firing, or the alerts never reach the right team. Unit 42 says social engineering often succeeds not because attackers used very advanced techniques, but because those early signals were missed or misclassified: the alerts either don’t fire at all or get labelled as low priority. That gap allows attackers to slip through everyday systems like account recovery or internal access paths without anyone noticing...
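One way to connect weak signals of this kind is to correlate low-priority events per account, shown here as an added example that is not from Unit 42 or the original article. The event-type names, the tuple layout and the 60-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, event type, original priority).
# Event-type names are hypothetical, not taken from any real product.
EVENTS = [
    ("2025-01-10T09:00:00", "alice", "helpdesk_call", "low"),
    ("2025-01-10T09:02:00", "alice", "account_recovery", "low"),
    ("2025-01-10T09:10:00", "alice", "mfa_device_enrolled", "low"),
    ("2025-01-10T09:25:00", "alice", "new_internal_resource_access", "low"),
    ("2025-01-10T10:00:00", "bob", "account_recovery", "low"),
    ("2025-01-10T14:30:00", "bob", "new_internal_resource_access", "low"),
    ("2025-01-10T11:00:00", "carol", "mfa_device_enrolled", "low"),
]

TRIGGER = "account_recovery"
FOLLOW_UPS = {"mfa_device_enrolled", "new_internal_resource_access"}
WINDOW = timedelta(minutes=60)  # assumed correlation window


def correlate(events, window=WINDOW):
    """Escalate accounts where a recovery is followed, within the window,
    by at least one follow-up event. Each event alone stays low priority."""
    parsed = sorted((datetime.fromisoformat(ts), acct, kind)
                    for ts, acct, kind, _ in events)
    last_recovery = {}  # account -> time of most recent recovery event
    alerts = {}         # account -> escalated alert
    for ts, acct, kind in parsed:
        if kind == TRIGGER:
            last_recovery[acct] = ts
        elif kind in FOLLOW_UPS and acct in last_recovery:
            if ts - last_recovery[acct] <= window:
                alert = alerts.setdefault(
                    acct, {"account": acct, "priority": "high", "chain": [TRIGGER]})
                alert["chain"].append(kind)
    return list(alerts.values())


def uncovered_types(events, rule_types):
    """Coverage check: event types in the feed that no rule consumes."""
    return sorted({kind for _, _, kind, _ in events} - set(rule_types))


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
    print("no rule consumes:", uncovered_types(EVENTS, {TRIGGER} | FOLLOW_UPS))
```

On the constructed data only the first account is escalated; the second account's follow-up falls outside the window and the third never had a recovery event, so both stay at their original low priority.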