Risk managers now frequently recognise the need to consider the human factors in Information Security as many attackers are now actively engaged in hacking the human as this is often more susceptible to attack than the technology.
Social engineering is the clever use of deception or impersonation to gain trust that leads to unauthorised access of sensitive information or facilities. Unfortunately people are often the weakest link in an organisation's security defences, as many of the good qualities we look for in human behaviour are the very same ones that can lead to compromise.
Although people have become much more familiar with the term "social engineering" in recent years, this hasn't unfortunately lead to a reduction in successful social engineering attacks. In fact, they are increasing rapidly. Awareness and understanding of social engineering techniques, and how to defend against them, are key to your survival.
We offer a full range of social engineering testing and training services.
Our review, assessment and testing services include:
- Assessing the vulnerability of your facilities to physical compromise
- Testing your physical defences and your staff's susceptibility to physical manipulation
- Evaluating your staff's susceptibility to remote social engineering
- Measuring the success of bespoke phishing attacks against your staff
- Testing the effectiveness of your security awareness training
For those wishing to be educated themselves, to be able to test their own organisation or to better engage the services of others, we also offer an offensive course that teaches the techniques and methodology used to successfully gain unauthorised access to buildings and information. With a strong emphasis on the legal and ethical considerations associated with such testing we equip your risk managers with the knowledge they need.