Social engineering is the manipulation of someone to serve an objective such as divulging confidential information tThe Cyber Kill Chain framework developed by Lockheed Martin was developed to identify what an adversary must complete in order to conduct a Cyberattack.
By stopping an attack at any stage of the chain means an attack will be unsuccessful. When building your organisations security controls, you need to consider what you are doing to defend your organisation at each of these stages.
When you look at the Cyber Kill Chain one perceived downside is many believe it was developed with Malware as the focus. Social engineering, insider threat, man in the middle attacks may require no Malware at all but they must be managed.
Security awareness is simply a control, just like encryption, passwords, firewalls, DLP, or anti-virus. What makes security awareness unique is that it applies to and manages human risk. It is important to understand, many of the defence techniques we will discuss in the Cyber Kill chain can just as easily be applied to social risk.