Challenge your company’s defenses against social engineering attacks.
Hacking the Human Element
Recognizing that humans are the weakest link in security is the first step to integrate your organization’s security defense-in-depth strategy with the human factor of security.
Performing a Social Engineering Assessment on your organization would help understand whether your security policies, procedures, and awareness programs perform accordingly in preventing outsiders getting valuable corporate information directly from your employees.
CIPHERTECHS’ SOCIAL ENGINEERING SERVICE
“Social Engineering” is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of inappropriate trust relationships with insiders.
CipherTechs’ audit engineers use this approach to attempt to gain confidential information, such as organizational charts, phone numbers, procedures or passwords in order to evaluate the organization’s vulnerability to social engineering attacks. This service builds on CipherTechs’ already consolidated vulnerability assessment practice to offer our customers a comprehensive and insightful methodology to assess and mitigate IT security risks.
BEST-OF-BREED METHODOLOGY TO TEST THE HUMAN COMPONENT OF SECURITY
CipherTechs’ security professionals will attempt to gather confidential organizational information using the same conventional and unconventional methods employed by recruiters, hackers or industrial spies. These methods typically involve customized, targeted phished emails, calling into the organization and posing as an insider, and delivering USB devices to end users.
This information gathering process highlights deficiencies in operating procedures, employee awareness, and corporate policy related to the handling of corporate confidential information by employees and other insiders.
A written report presents the information gained and includes an evaluation of the procedural flaws exploited and the consequent risks, along with recommended enhancements to corporate policy, procedures and security awareness training.
CipherTechs has performed Social Engineering Assessment Services for a wide range of enterprise communications environments.
CipherTechs Social Engineering Assessment Service allows the client to assess the security awareness of its employees and identify procedural weaknesses via the use of an expert third party. This assessment can identify specific problem areas for additional employee training or for procedural development, allowing the client to target such programs more efficiently.
The Social Engineering Assessment service can help the client assess and improve employee security awareness and their handling of proprietary information in daily business operations.