Social engineering assessments
Your best defensive strategy against social engineering is to raise employee security awareness and to educate on good practices.
A social engineering assessment can be used to direct your security training, create data handling guidelines, and security policies
Staff can be vulnerable
Staff within your company can often be a vulnerable point within the system, whether they are users, system administrators, or technical security professionals. Claranet Cyber Security provides full social engineering attacks to establish whether we can get users to provide sensitive information. Our approach includes much more than simple phishing attacks. We also utilise "smishing" (sms phishing) and "vishing" (voice phishing) tools and information. Gaining access into the physical building, baiting individuals, and watering hole attacks are some of the other methods we use.
What next
A social engineering assessment from Claranet Cyber Security allows you to see how susceptible your staff might be when presented with an attempt by an attacker to trick them. The result of a social engineering assessment can be used to direct training, create data handling guidelines, and to help formulate your security policies.
How we go about it
-
Scoping and planning
Our security consultants will work with you to select the right activities and prepare the business for the engagement.
-
Information gathering
Each activity has its own unique information requirements. For example, a phishing campaign needs email addresses, a calling operation needs a phone list. We use this to build an attack plan.
-
Develop the relationship
Social engineering attacks work because they are effective in gaining trust. Each approach aims to build rapport with the target to make them susceptible to exploitation.
-
Exploit the target and execute
Having gained the trust of the target, the social engineer will aim to influence the target to perform an action, resulting in the execution of the exploitation.
-
Reporting and follow-up
Full reporting follows each exercise. Analysis will highlight trends in the way the targets responded and we provide a range of follow-up services to help with the mitigation of the discovered risks.
Typical social engineering engagements
Physical entry
Attempting to gain unauthorised access to buildings
Phishing campaigns
Phishing and spear phishing techniques to trick users via email
Baiting
Tempting users into disruptive actions that threaten security
Impersonating
Impersonating members of staff to obtain information or access
Watering hole attacks
Used to target members of a particular group
Dumpster diving
Your rubbish may lead to direct network compromise or provide leverage
Frequently Asked Questions
-
What is social engineering?
Social engineering includes all attacks that aim to manipulate human behaviour to gain leverage or knowledge about a target.
-
Is social engineering just about phishing attacks?
Attacks can be as simple as an indiscriminate phishing campaign or they can be highly complex multi-layered attacks harnessing both digital and physical techniques.
-
Why social engineering assessments?
Social engineering assessments can help you to quickly identify where areas of vulnerability exist and direct where efforts should be focused to mitigate risks.
Our accreditations
Get a free, no obligation quote
Submit this form or call
0330 390 0504
What happens after you fill in this form
Scope
An experienced security consultant will explore your needs and agree the scope of work. You may have a clear idea of this already or we can use our extensive experience to help you find the right scope
Quote
Once your scope is complete we will size your requirements and provide a competitive quote, assign appropriate resources and agree a date for the work
Test
During the testing, our consultants will be on-hand to directly discuss any issues and update you on progress. Any high priority findings will flagged to you daily
Report
At the end of the testing we provide a detailed report of issues based on priority, which is assessed on the potential for business impact. These clear, detailed reports allow you to prioritise actions to improve your security, and we can join you on a call to walk through your findings
Know what you want testing?
If you know what you want to have pen tested you can submit your scope details here and we will contact you to talk about delivery and pricing.
