Our Social Engineering services use an array of computer-based and human-based social engineering techniques in order to assess your employees’ security behavior and propensity.
Social Engineering Testing
Background
Typically, the ultimate target of hacker attacks and data breaches are not IT systems as such. Their real targets are the human actors in your security chain, namely the staff members as they are susceptible to error and typically unaware of the threats existing outside their secure perimeter and the corporate network. Latest researches in the industry demonstrate that successful social engineering attacks are responsible for 70% of all breaches that lead to substantial data loss or information leaks. It is widely believed that staff members are the weakest link in any cybersecurity defense. This explains why Social Engineering Tests are highly relevant to the overall security posture of your organization, both in digital and physical terms.
How does Social Engineering Testing work?
Our Social Engineering services use an array of computer-based and human-based social engineering techniques in order to assess your employees’ security behavior and propensity.
These techniques include:
Email Phishing
Sensitive information is being exchanged over email constantly. However, few if any of these exchanges occur through the proper channels for authentication and authorization.Email Phishing is the carrier of ransomware attacks and a common technique for bad actors to gain foothold in internal networks and commit phishing assaults, data breaches, and other internal network malignancies.
Cyber Tech Group’s Social Engineering Testing service uses email phishing and spear phishing in an attempt to entice staff visit unknown websites, divulge sensitive information or commit other wrongdoings.
Telephone Vishing
Much like email, sensitive information is being shared in phone conversations at an almost constant rate. Normally we believe that the person on the other end of the line is who they say they are. Our belief grows when they mention some information about our company. That belief is exploited by bad actors and encourages them to shift from email toward telephone-based social engineering (Vishing).
Cyber Tech Group uses vishing techniques to induce staff divulge sensitive information or otherwise get them to do something wrong.
Physical Social Engineering
Cyber Tech Group’s Physical Social Engineering testers engage with staff directly (overtly) or indirectly (undercover) to check how they physically deal with visitors and individuals purporting to be employees, vendors, or business partners. The objective is to identify loopholes in the behaviour of staff members which can be exploitedby criminals. For example, one of our tactics includes our social engineers masquerading as vendors, new employees, business partners, and more to entice staff into divulging sensitive information or letting them access sensitive areas at the facility.
We are experienced and ready to help you take your cybersecurity to the next level.