According to a recent survey by network security firm Thycotic, 60% of respondents answered that social engineering was the fastest way to compromise users,” even as 50% of surveyed Black Hat conference attendees answered that they had compromised Windows 8 and 10 systems in the past year. According to the report, “while much attention is given to application and operating system vulnerabilities, zero-day attacks, and malware, hackers still find it much easier to trick users into simply handling over their corporate credentials.” Of these social engineering tools, the favorite was exploitation of re-used passwords. The report concluded that the best solution to many of these problems is to grant employees access to the minimal amount of information and access necessary for their work.
Source: Hackers acknowledge Windows flaws but prefer social engineering tricks