People are often the weakest link in a chain of security measures. Your employees are frequently confronted with threats such as phishing emails or social engineering calls. They often lack the knowledge or awareness to recognize these threats.
Regardless of the technical and physical security systems and concepts in place, the security of your infrastructure and networks is ultimately directly related to the security awareness of your employees, partners or suppliers. Malicious attackers are aware of these alarming facts, which is why people are often their first target. Cybercriminals use sophisticated social engineering techniques to persuade and manipulate people and obtain sensitive information for more advanced attacks.
Assessing your employees' ability to recognize and defend against such social engineering attacks should be an important part of your security program.
Using assessment and analysis techniques that leverage automated and manual testing approaches, our security experts and penetration testers conduct realistic social engineering campaigns to test people, processes and procedures.
The following is a non-exhaustive list of items that can be examined during social engineering assessments:
- OSINT (open-source intelligence) gathering
- Phishing and spear phishing
- Identity theft by trusted third parties
- Basic physical protection
What you get
Once the assessment is complete, we provide a comprehensive report detailing the information discovered in the time allotted for the test. Stakeholders can see for themselves what information is available online about them, their employees, and their company. In addition to the OSINT data, we also provide the actions and/or responses received during simulated phishing and vishing attacks. In this way, potential weaknesses in employee compliance with company policies can be identified.