InfoSecure, a top social engineering company, performs a variety of exercises in an attempt to trick employees into divulging confidential information that may be used to compromise network defenses. This form of security assessment targets people and processes instead of technology.
The InfoSecure Approach to Social Engineering
We work with our customers to define the targets, location, and type of social engineering to be employed. The end results can provide vital security awareness training to employees and produce vital data for reducing risk. Our Social Engineering consists of three equally important parts:
- Targets – persons from whom the security analyst will attempt to extract sensitive information
- Means – resources used to extract sensitive information from the target; can include telephone, e-mail, fax, text messaging and face-to-face communication, and
- Sensitive Information – the scope of data the security analyst will attempt to extract from the target; ranges from user login credentials to network design specs.
Types of Social Engineering Exercises
InfoSecure analysts work with the customer to create a targeted phishing message from a supposedly trusted source. InfoSecure tracks the open and click through rate and follows up with employees that inadvertently reveal information.
InfoSecure analysts make phone calls impersonating someone with perceived authority or privilege in order to gather key information like user names, passwords, access codes, etc.
InfoSecure analysts leave a USB flash drive or other forms of mobile storage media in an open area in order to identify employees that attempt to use the device, and those who turn it into the appropriate department.
Tailgating (or Piggy-backing)
Analysts attempt to bypass physical security at customer sites in order to roam un-escorted, looking for open offices and/or unsecured workstations.
Social Engineering Engagement Report
InfoSecure’s comprehensive Social Engineering report will answer the following questions:
- How effective is my security awareness training?
- How effective is my physical security?
- What is the risk that confidential information can be leaked?
Security Awareness Testing results and analysis are presented in a comprehensive report. The report details the vulnerabilities present and/or exploited using social engineering techniques. In addition to describing the current security posture, the report provides recommendations for improving security and reducing risk.
Discover Hidden Risks and Vulnerabilities
Request a Free Consultation Today