COVID-19: remote delivery options
We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.
What is a social engineering penetration test?
Social engineering is the single biggest security threat facing your business. A social engineering penetration test will help you evaluate your employees’ susceptibility to social engineering attacks.
Educating your employees about how social engineering attacks are carried out, and implementing and maintaining appropriate security controls to mitigate them, is critical.
Social engineering penetration tests provide a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training.
A social engineering penetration test will help you:
- Establish the publicly available information that an attacker could obtain about your organisation;
- Evaluate how susceptible your employees are to social engineering attacks;
- Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
- Develop a targeted awareness training programme.
What is social engineering?
Attackers masquerade as trusted entities and manipulate victims into compromising their security, transferring money, or providing sensitive information.
Social engineering attacks can occur both online and offline.
Find out more about social engineering
One of the most common forms of social engineering is phishing.
Phishing attacks involve emails that appear to be from legitimate senders but contain malicious attachments or links.
They either use drive-by downloads to install malware on victims’ machines or harvest their credentials.
Find out more about phishing
Did you know?
The Proofpoint’s 2019 report 'The Human Factor' found that 99% of cyber attacks use social engineering to trick users into installing malware.
Is a social engineering penetration test right for you?
If you are responsible for your organisation’s information security, you should ask yourself:
- What information about your organisation is publicly available that could be used to facilitate social engineering attacks?
- Are staff vulnerable to phishing and other forms of social engineering?
- Could a social engineer gain unauthorised access to offices and site locations by exploiting weak security measures?
- Could an attacker gain access to sensitive information from mislaid documentation?
- What information could be obtained by someone taking hardware off-site?
Our engagement process
Our CREST-accredited penetration testers follow an established methodology to help model your real threats and provide actionable recommendations. This approach will emulate the techniques of an attacker using many of the same readily available tools.
- Scoping - Before testing, our consultancy team will discuss your social engineering assessment requirements to define the scope of the test.
- Reconnaissance - Our social engineering team uses a variety of intelligence-gathering techniques to collect information from public sources about your organisation.
- Assessment - Our social engineering team attempts to gain access to the systems and/or buildings that hold the target information defined by you.
- Reporting - The test results will be fully analysed by an IT Governance certified tester and a full report will be prepared for you that sets out the scope of the test, the methodology used and the risks identified
- Workshop - Our team can also run a workshop that will help your employees identify and respond to the cyber threats conducted during the exercise.