Social Engineering Assessment
Social engineering attacks are very efficient for obtaining information from users without use of technical aids. Attackers make use of natural human reactions, positive qualities such as helpfulness, customer friendliness etc. for the same. Often such attacks are a preparation for an invasion of the corporate network. The real challenge in preventing social engineering attack is that many of the human qualities that exploit the attacker and the company are very desirable. Thus, the willingness to help is a prerequisite for customer friendliness, trust in other people to put is a prerequisite for working in a group and a team. During the Social Engineering assessment, our experts attempt to manipulate an organization’s employees into allowing unauthorized access to confidential information. This allows the organization to test their Information Security Policy and their employees’ adherence to that policy. By hiring us to perform this test, the organization can identify failure points and train its staff in order to prevent an actual breach. We have designed techniques that can be performed both onsite and remotely. During an onsite engagement, our experts will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information.
A social engineering assessment is carried out in 3 steps
- Legal and illegal access with analysis of the effectiveness of physical infrastructure and the security service.
- Attack on the employees with social engineering techniques to gain confidential information.
- Documentation of access to mission-critical systems and possible theft of hardware and confidential information (eg documents, CDs, etc.)