The proliferation of security controls, more mature software, and skilled defenders has forced attackers to shift their focus from perimeter systems to assets you cannot patch: your people.
In fact, 22% of the breaches in the Verizon Data Breach report included a social engineering component.
Social engineering assessments are your greatest defense against cyber criminals who use manipulation tactics to gain access to sensitive information. Attackers conduct their manipulation online, making it difficult for their victims to realize that they are falling prey to social engineering tactics like email phishing, phone pre-texting, onsite pre-texting, and baiting. Professional manipulators often pose as authority figures that belong to a victim’s organization; without social engineering assessments, it can be nearly impossible for organizations such as yours to prevent their employees from falling prey to malicious social engineering tactics. These assessments are becoming increasingly important as the rate at which social engineering tactics are carried out continues to rise.
All of our social engineering services are tailored to your requirements and objectives. If you have a specific pretext that you would like to use, we will work closely with you to achieve your goals. If you do not have a predefined plan, our experienced consultants will present several viable options as a starting point for determining an approach that will best meet your needs. The more customized these assessments are, the more realistic and valuable they become.
Among the most common forms of phishing is email phishing. Bad actors will disseminate emails that they have created to look like they’re sent from a legitimate organization with the intent of stealing sensitive data. Standard email phishing can be carried out en masse and is not a focused attack.
Campaigns can be configured to gauge employee awareness when it comes to downloading attachments, following suspicious links, or disclosing sensitive information. Our “malware” is developed in-house, and websites and other attack vectors appear to be completely genuine and properly secured.
Phone pre-texting is a type of social engineering method used by threat actors to obtain sensitive data or service/system access. Attackers will fabricate a pretext – essentially a story – that typically casts them in the role of an authority figure who requires information from the victim or who needs access to information in order to assist the victim.
Depending on your chosen approach, we will attempt to coax targeted employees into performing tasks such as downloading malicious files, following fraudulent links, or disclosing login credentials or configuration information over the phone.
Similar to phone pre-texting, onsite pre-texting refers to a type of social engineering in which bad actors impersonate a victim’s professional colleague, such as an IT specialist or HR representative, for the purpose of gaining access to sensitive information or a system/service. Onsite pre-texting may occur in person as well as online.
This is the ultimate test of your employees’ mettle and adherence to physical security processes and procedures. In this scenario, we may use techniques such as lock picking, badge replication, service provider impersonation, and rogue devices to gain access to sensitive areas and data.
This offering can be combined with phishing, phone pre-texting, and penetration testing to form the building blocks of a full-scope Red Team Assessment.
Our social engineering penetration testing allows us to assess your employees’ adherence to the security standards you have defined at the corporate level. Our security experts search for publicly available information related to your employees in order to gain insight into how attackers might conduct their manipulation tactics. As part of our social engineering testing services, we carry out a set of attacks targeting chosen employees to determine the damage that could result if your employees fall prey to such attacks. With our social engineering services, you are better able to mitigate the risk of data breaches that occur when employees fall victim to manipulation tactics.
This type of social engineering refers to a bad actor baiting a victim with the promise of giving them a material reward in exchange for their unwitting compliance in carrying out a malicious act. Baiting may also lure victims in with a promise that appeals to their curiosity; an attacker may, for example, leave a USB drive that contains a malicious payload in a parking lot in the hopes that someone will pick the drive up and plug it into a device to unwittingly install the drive’s malware.