Tricking Humans – this is what social engineering is all about, and it’s something we are really good at. Whether it’s via telephone, snail mail, email, or in person, we test both your employees and your technical controls to determine the risk posed to your organization by your personnel failing to adhere to best practices.
We conduct highly customized, closely coordinated social engineering assessments.
Some examples are:
- Highly-targeted email-driven (phishing) assessment. First we scour the Internet for intelligence. We gather email addresses, domains, locations, positions. We develop a scenario, determine targets, and fire away. The goal could be to get the user to click on a link, silently exploit their browser, or to download a file. We track metrics and often embed training into the process for that “teachable moment”.
- Introduction of malware into the environment. We might plant malware on 10 USB drives and scatter them around your business location. One in the cafeteria, three in the parking lot next to cars, or we might snail mail one to your HR department.
Attackers always take the path of least resistance, which is why they will target your employees – it would be an oversight NOT to test this attack vector.