2025 Unit 42 Global Incident Response Report: Social Engineering Edition
1 min read
Summary
Palo Alto Networks’ “Unit 42” incident response unit has published a report predicting that social engineering will remain one of the most reliable, scalable and impactful cyber intrusion methods in 2025, based on five emerging trends in this space.
The report reveals that social engineering remains the top initial access vector in Unit 42 incident response cases between May 2024 and May 2025.
It typically involved non-phishing tactics, including SEO poisoning, fake system prompts and help desk manipulation.
Social engineering was often effective not due to sophisticated tradecraft, but because businesses missed or misclassified critical signals.
More than half of social engineering incidents led to sensitive data exposure, while others interrupted critical services or affected overall organisational performance.
The key trends revealed in the report are over-permissioned access, gaps in behavioural visibility and unverified user trust in human processes.
