You’re only as strong as your weakest link. And when it comes to security, for many organizations, that weakest link is people and their inherent nature to help. Attackers can take advantage of this, targeting organizations and their clients using “phishing” emails, phone calls, and even text messages.
Strong security controls require that personnel take individual responsibility for protecting the organization, its data, and its clients, and that they have the awareness to identify potential attacks.
We offer social engineering services to help you assess the strength of security controls related to personnel and their adherence to IT security policies. Social engineering is a method of security testing that attempts to manipulate people into performing actions or divulging sensitive information. We use publicly available information on the Internet to gather information about personnel and to identify “targets”.
We then design scenarios in an attempt to engage targeted personnel, often using the information gathered to present targets with a piece of known information to establish legitimacy. The results of our testing are then used to determine the adequacy of the security policies and the current security awareness program.