Where computer technology was once primarily applied in academic settings and trust among scientists in the 1970s was high, the world of 2025 looks very different. Technology is more powerful and complex than ever before, and while that brings advantages, it also creates new attack vectors. Often in unexpected ways.
A well-known example is social engineering. This term has been used for decades to describe attacks in which humans, not systems, are manipulated. Instead of cracking a password through technical means, an attacker gains access through psychological manipulation. Think of someone who, after prolonged contact and an apparent friendship, manages to extract personal information from you. Information that would normally be well protected.
Although social engineering occurs at all levels, it is not equally effective or rewarding everywhere. Many people are now alert enough to recognize phishing emails and suspicious phone calls. But when the target is significant or sensitive, such as state secrets, intellectual property, or internal strategic information, attacks often become far more refined and drawn out.
This can range from suspiciously interested ‘matches’ on dating platforms who mainly ask about your job, to seemingly harmless interns or colleagues who later turn out to have been involved in data leaks or espionage. In a world where technical security is increasingly robust, people often remain the weakest link. And the more valuable the information, the more effort is invested in accessing it through human interaction.
This is precisely why the focus within information security is shifting. Whereas technical measures once dominated, more and more investment is now going into training, informing, and testing employees. The role of the security researcher is evolving accordingly: social resilience has become just as important as a well-configured firewall.
This trend has been visible in the Netherlands for years. Sensitive data is not always stolen through brute force, but rather through clever aggregation of seemingly harmless information. By linking multiple data points, a detailed profile can emerge. Useful to both criminal groups and unknown entities with an agenda.
It’s important to acknowledge that not everyone naturally thinks like a security expert. Not everyone is instinctively skeptical. And that, too, is a social virtue worth preserving. Still, a degree of restraint in what we share, especially in the professional context, is often essential.
It's hard to blame individuals when they fall victim to such advanced manipulation. The methods are sometimes so refined they are virtually undetectable. Even by seasoned professionals. Some attacks are built over months or even years, with trust being carefully and deliberately cultivated.
Just as you stay aware of your surroundings during a city trip without closing yourself off, the digital and professional world calls for vigilance without paranoia. Not everything that seems friendly is harmless. And sometimes, a breach begins with nothing more than a conversation that was just a little too curious. In a world where systems grow increasingly secure, trust remains the most vulnerable point of entry.