COVID-19: remote delivery options
We want to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. Please refer to our COVID-19 policy.
What is a social engineering penetration test?
Social engineering is the single biggest security threat facing your business. A social engineering penetration test will help you evaluate your employees’ susceptibility to social engineering attacks.
Educating your employees about how social engineering attacks are carried out and implementing and maintaining appropriate security controls to mitigate them, is critical.
Social engineering testing provides a basis for highlighting issues with operating procedures and developing targeted staff awareness training.
A social engineering penetration test will help you:
- Establish the publicly available information that an attacker could obtain about your organisation;
- Evaluate how susceptible your employees are to social engineering attacks;
- Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
- Develop a targeted security awareness training programme.
Learn more about our social engineering penetration test
Speak to an expert
For more information on how our CREST-accredited penetration testing services can help safeguard your organisation, call us now on +44 (0)333 800 7000, or request a call back using the form below.
Get in touch
What is social engineering?
Attackers masquerade as trusted entities and manipulate victims into compromising their security, transferring money, or providing sensitive information.
Social engineering attacks can occur both online and offline.
Find out more about social engineering
One of the most common social engineering methods is phishing.
Phishing attacks involve emails that appear to be from legitimate senders but contain malicious attachments or links.
Phishing emails either use drive-by downloads to install malware on victims’ machines or harvest their credentials.
Find out more about phishing
Is a social engineering penetration test right for you?
If you are responsible for your organisation’s information security, you should ask yourself:
- What information about your organisation is publicly available that could be used to facilitate social engineering attacks?
- Are staff vulnerable to phishing and other forms of social engineering?
- Could a social engineer gain unauthorised access to offices and site locations by exploiting weak security measures?
- Could an attacker gain access to sensitive information from mislaid documentation?
- What information could be obtained by someone taking hardware off-site?
Did you know?
Proofpoint’s 2019 report 'The Human Factor' found that 99% of cyber attacks use social engineering to trick users into installing malware.