TheTrucker.com

NMFTA report: The hard truth about social engineering in 2026

Cyberattackers are constantly shifting tactics to gain access to companies’ sensitive information. One of the most popular — and insidious — methods of attack is social engineering.

We’ve all heard about the dangers of social engineering — manipulating people into sharing information, clicking a link or downloading software — a hundred times. We’ve been through the “don’t-click-that-link” trainings and have been warned not to open attachments from unknown senders.

Why, then, is social engineering still topping all the charts as the single most effective method for attackers to gain entry to our systems? It is because our training is missing the mark.

This is a trend that National Motor Freight Traffic Association Inc. (NMFTA) called out in detail in our recent 2026 Transportation Industry Cybersecurity Trends Report.

We are consistently one step behind the bad actors as the methods and tools evolve.

Why? It’s because we are not thinking like the adversary, and we are not training on the ways that a savvy attacker would really try to convince one of our team members to take an action that gives them an in.

We need to tailor social engineering training specifically to the tools, processes and workflows that each team is using to complete their jobs.

  • Train them in the ways that these tools can be turned into weapons for cybercriminals;
  • Train them on the gaps in their processes — the weak points where one team hands off tasks to another, or where data moves from one system to another.

We need to remove the idea of “I’m not really a computer person” from everyone in the organization, empower them to become masters of the systems and tools that they engage with, and teach them where the limitations and weak points are.

Predators are shifting their tactics.

One significant change in recent months in the way cybercriminals engage in social engineering is their predominant use of the telephone for initial contact. Email filters have matured; most folks will ignore texts from unknown senders.

But in a business that is still heavily phone-reliant such as trucking, a friendly phone call from a skilled attacker can have a devastating impact.

One of the most damaging of these types of attacks that we are seeing right now goes a little like this:

An attacker calls the help desk and pretends to be an employee of the organization who has lost their phone and needs to move their multi-factor authentication (MFA) to a new device. They silver-tongue their way through the screening process, have just enough information to build rapport and are skilled enough to create a sense of urgency and … voila! They are issued a new password and assisted in moving MFA to their phone for the account they are claiming is theirs.

This is bad if the account belongs to a customer service rep — catastrophic if it belongs to a user with elevated access.

We see this process in reverse too:

An employee will receive a massive amount of junk email in a short period of time; then they get a friendly phone call from “the help desk” claiming they need to take a look at the employee’s computer, as it might be infected. The employee is typically rattled enough by this time that they readily oblige when the “help desk technician” talks them through a few simple troubleshooting commands and helps them download a diagnostic tool. The nuisance emails stop and the call ends. And the employee’s workstation now has a handy back door installed for the attacker to leverage later.

These are real-world examples that are happening every day.

The common theme across all successful social engineering attacks is a lack of regular, relevant, and relatable social engineering training.

We humans often get a bit of a bad rap in the security community as the “weakest link” in the security chain. But our teams are made up of a lot of smart people who want to protect their organization. With the right tailored training, our team members transition from potential weak points into some of the strongest defenses in the organization.

Let’s be clear: The goal here is not to make everyone on the team a cyber-expert. But rest assured: Everyone needs to be cyber aware. This includes being an informed user of the systems and tools they engage with regularly.

It is critical to remember this when creating training around cybersecurity and social engineering. There are a limited number of people on your team who want to be cybersecurity gurus! Don’t train in a way that makes everyone else feel overwhelmed. Simple, relatable and relevant to the daily workflow is the secret here.

Cybersecurity training is vital for everyone in your business.

The other fatal flaw in our current approach to cybersecurity training is the tendency of many organizations to treat training as an annual or semi-annual compliance checkbox.

Effective cybersecurity training should be a regular, consistent part of the workflow for all employees.

“Bite-size” training with rotating departments on a monthly basis will always be more effective than one large training module per year. This methodology keeps cyber awareness training top of mind across the organization and reinforces a culture of “see something, say something” throughout the organization.

Social engineering is not a new phenomenon.

Attackers’ techniques have simply evolved to maintain their effectiveness. As our technical defenses have improved, attackers have pivoted to rely more on legitimate tools used for nefarious purposes.

The main ingredient is the same though — human trust, exploited. As we adjust to this new normal in the methodologies of the attackers, training becomes our single most effective defensive tool.

We must have:

  • Targeted, relevant training for each member of the team.
  • Training that empowers instead of overwhelming.
  • Training that turns each team member into a confident member of the organization’s defenses.
  • Training that moves the needle.

For a deep dive into this topic, and more cybersecurity trends in the transportation industry, access NMFTA’s 2026 Transportation Industry Cybersecurity Trends Report here.


Ben Wilkens, CISSP, CCSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association Inc. (NMFTA).

In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners and government agencies to advance cybersecurity practices and knowledge.

Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.

Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices.

With a rare combination of CISSP, CCSP and CISM certifications — alongside an active Class A CDL — Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.
