You can buy the most secure system in the world at your disposal, but if you have a disgruntled person in your IT department, it is as vulnerable as a sponge. Footprints, access codes, loop holes and exceptions can all be masked into any system, and altering the log so that the knowledge of that backdoor is only known to the person creating it, is all a reality.
You access all your web accounts and even plug into your enterprise network using your cellphone. Like most people, you have your passwords saved. God forbid your cellphone gets into the wrong hands and you will have trouble recalling which accounts you accessed and which passwords you need reset.
Do you see a trend here? You should, because we're certainly not outlining the script from a movie. No matter what you deploy to secure your network and system, until you do something to secure and mobilize the human factor in any organization, you are going to always be vulnerable. And no, it doesn't matter whether your organization is small or large. As long as you have people, you are going to have ways to get into the system.
Social Engineering is something that gives true character and personality to a "smooth talker". Someone who will use his or her social skills to get you to reveal critical packets of information which can be used to break down your business, is an increased risk in the corporate environment. Ever been in a situation where you divulged some confidential information to a friend or a confidante? Shown off a credit card that has your photo ID on it just so they can 'wow' at your smile? A casual conversation where you revealed some classified information to impress someone? In today's age of increased corporate competitiveness, there are more chances that it will be used to get into a network, gain access through a firewall and exploit an organization.