Social engineering penetration test

IT Governance will conduct a thorough social engineering assessment to help model your real threats and provide actionable recommendations to improve your information security procedures and cyber security awareness. 

The scope of each engagement is tailored to your organisation’s requirements and goals. We can use both traditional and non-traditional techniques to test your resilience to an attack. These might include assessing the following:

• Open source intelligence gathering.
  
• Phishing and social engineering attacks against agreed targets.
  
• Perimeter and internal surveillance attacks. 
  
• Staff procedure bypasses.
  
• Data exfiltration, acquiring assets and intellectual property rights.
  
• Assessing staff and management training.

These engagements are designed to identify gaps in security practices. Testing will focus on identifying the potential harm that a social engineering attack could achieve, and serve as a tool to train staff.

Your challenge

Social engineering is a proven attack vector for attackers to gain access to your organisation. Cyber criminals use social engineering techniques to influence employees into giving up privileged information or access to an organisation.

Social engineering is popular among criminal hackers because it can be easier to exploit people than to find a network or software vulnerability. By gaining access to the building or the network, an attacker can access data, steal assets or even harm people.

Our service offering:

• A consultation to determine the extent of the social engineering engagement.
  
• Design and development of an optimal social engineering attack. Our social engineering team might mimic a threat actor, copy common industry attacks or pursue an entirely bespoke attack vector.
  
• Carefully designed non-destructive social engineering attacks that aim to gain access to the systems and/or buildings that hold the target information defined by you.
  
• Our experienced consultants interpret the results to provide trend analysis and highlight problem areas such as department or location.
  
• If required, we can run a workshop that will help internal staff identify and respond to the cyber threats conducted during the exercise.

Benefits

Our social engineering penetration test will help you:

• Establish the information that an attacker could obtain about your organisation that is freely available in the public domain;
  
• Establish how susceptible your employees are to social engineering attacks;
  
• Determine the effectiveness of your information security policy and your cyber security controls to identify and prevent social engineering attacks; and
  
• Develop a targeted awareness training programme.

COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.