Social engineering assessments
Your best defensive strategy against social engineering is to raise employee security awareness and to educate on good practices.
A social engineering assessment can be used to direct your security training, create data handling guidelines, and security policies
Staff can be vulnerable
Staff within your company can often be a vulnerable point within the system, whether they are users, system administrators, or technical security professionals. Claranet Cyber Security provides full social engineering attacks to establish whether we can get users to provide sensitive information. Our approach includes much more than simple phishing attacks. We also utilise "smishing" (sms phishing) and "vishing" (voice phishing) tools and information. Gaining access into the physical building, baiting individuals, and watering hole attacks are some of the other methods we use.
What next
A social engineering assessment from Claranet Cyber Security allows you to see how susceptible your staff might be when presented with an attempt by an attacker to trick them. The result of a social engineering assessment can be used to direct training, create data handling guidelines, and to help formulate your security policies.
How we go about it
-
Scoping and planning
Our security consultants will work with you to select the right activities and prepare the business for the engagement.
-
Information gathering
Each activity has its own unique information requirements. For example, a phishing campaign needs email addresses, a calling operation needs a phone list. We use this to build an attack plan.
-
Develop the relationship
Social engineering attacks work because they are effective in gaining trust. Each approach aims to build rapport with the target to make them susceptible to exploitation.
-
Exploit the target and execute
Having gained the trust of the target, the social engineer will aim to influence the target to perform an action, resulting in the execution of the exploitation.
-
Reporting and follow-up
Full reporting follows each exercise. Analysis will highlight trends in the way the targets responded and we provide a range of follow-up services to help with the mitigation of the discovered risks.
Typical social engineering engagements
Physical entry
Attempting to gain unauthorised access to buildings
Phishing campaigns
Phishing and spear phishing techniques to trick users via email
Baiting
Tempting users into disruptive actions that threaten security
Impersonating
Impersonating members of staff to obtain information or access
Watering hole attacks
Used to target members of a particular group
Dumpster diving
Your rubbish may lead to direct network compromise or provide leverage
Frequently Asked Questions
-
What is social engineering?
Social engineering includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about a target.
-
Is social engineering just about phishing attacks?
Attacks can be as simple as an indiscriminate phishing campaign or they can be highly complex multi-layered attacks harnessing both digital and physical techniques.
-
Why social engineering assessments?
Social engineering assessments can help you to quickly identify where areas of vulnerability exist and direct where efforts should be focused to mitigate risks.
Our accreditations
