Tuesday 2 February 2016

Is Social Engineering really a problem?

As computer security controls become more effective, attackers are seeking ever more complex methods of targeting organisations and their staff. By combining technical expertise with social engineering, they are increasingly successful in gaining access to sensitive information, valuable assets and money.

Risk managers now frequently recognise the need to consider the human factors in information security, as many attackers are actively engaged in "hacking the human", who is often more susceptible to attack than the technology.

Social engineering is the clever use of deception or impersonation to gain trust that leads to unauthorised access to sensitive information or facilities. Unfortunately, people are often the weakest link in an organisation's security defences, as many of the good qualities we look for in human behaviour are the very same ones that can lead to compromise.

Although people have become much more familiar with the term "social engineering" in recent years, this unfortunately hasn't led to a reduction in successful social engineering attacks. In fact, they are increasing rapidly. Awareness and understanding of social engineering techniques, and how to defend against them, are key to your survival.

We offer a full range of social engineering testing and training services.

Our review, assessment and testing services include:
  • Assessing the vulnerability of your facilities to physical compromise
  • Testing your physical defences and your staff's susceptibility to physical manipulation
  • Evaluating your staff's susceptibility to remote social engineering
  • Measuring the success of bespoke phishing attacks against your staff
  • Testing the effectiveness of your security awareness training

Our social engineering training is particularly useful for executives' personal assistants, receptionists, help desk and call centre operatives, but is beneficial for all staff in both their work and personal lives. By raising their awareness of the dangers of social engineering, helping them to better understand the techniques used by attackers, and providing them with defence strategies, we ensure they will be better prepared to defend your organisation.

For those wishing to be educated themselves, to be able to test their own organisation or to better engage the services of others, we also offer an offensive course that teaches the techniques and methodology used to successfully gain unauthorised access to buildings and information. With a strong emphasis on the legal and ethical considerations associated with such testing, we equip your risk managers with the knowledge they need.