Social engineering is the “600-pound gorilla” with regards to financial institutions and their needing to safeguard sensitive data. It’s the hardest risk to build effective controls for, as it’s almost completely prone to human nature. Even the most successful tests reveal that human nature is hard at work wreaking havoc in even the most security-aware institutions. The bad guys are effective because they are always thinking of new ways to get at NPPI. They learn what works, what doesn’t and then modify their approach to keep things moving along.”]
Source: https://www.cuinfosecurity.com/blogs/social-engineering-gorilla-in-room-p-71