SOCIAL ENGINEERING AUDIT
Given the plethora of personal information posted online and inherent human psychological weaknesses, social engineering attacks are becoming more widespread.
Targets for social engineering attacks are often those who are likely to have the most contact with people both inside and outside of an organisation. They might be receptionists, personal assistants, security guards or help-desk operators. These people are often the first hurdle an attacker faces when trying to exploit an organisation, and should therefore be aware of the risk to themselves and their organisation, receiving additional training as necessary to mitigate the risk of a 'people hack'. The diagram below provides a high-level overview of the social engineering 'kill-chain'.
A social engineering audit encompasses many of our services. It runs from confirmation of the scope and initial organisational and/or personal reconnaissance as appropriate (both offline and online), through profile analysis, creation of appropriate pretexts (fabricated scenarios used in exploitation efforts) and attempts at target exploitation, to the subsequent report. Our audit can highlight areas of potential weakness from a people perspective and show areas for subsequent improvement to reduce the risk to an organisation and its employees.
All social engineering-related activities are conducted by trained and certified social engineering practitioners, in full compliance with UK law and the law of other jurisdictions where appropriate, together with the EU General Data Protection Regulation.
Please contact us for more information and to discuss your requirements in this area.