Social Engineering Drills
Social engineering is the act of manipulating people into taking a specific action for an attacker’s benefit. You might think it sounds like the work of a con artist – and you’d be right. Since social engineering preys on the weaknesses inherent in all of us, it can be quite effective. And without proper training it’s tricky to prevent. If you’ve ever received a phishing email, you’ve seen social engineering at work. The social engineering aspect of a phishing attack is the crucial first step – getting the victim to open a dodgy attachment or visit a malicious website.
CyberSmithSECURE’s Social Engineering Drills Services, which include facility and physical security as well as phishing tests, deliver an objective evaluation of your employees’ awareness, training, and policy adherence. Social engineering is a collection of techniques for intentionally manipulating people into providing inappropriate access to sensitive or exploitable information, information systems, or workspaces. It may involve a completely non-technical form of intrusion or cutting-edge technology, but the key is that it depends on human interaction for success, or failure, depending on your perspective. Very often, it involves tricking people into compromising normal security policies and procedures by exploiting the typical human desire to be friendly and helpful and to avoid confrontation.
- Remote data leakage analysis and on-site reconnaissance
- Sensitive document handling and disposal tests
- Facility security testing, employee email and telephone “phishing” tests
- Found and implanted device tests, such as removable USB flash drives
- Desk-checks, visitor check-in and escorting, and security guard effectiveness
- Detailed post-assessment report with actionable recommendations