Social Engineering Testing
No technical solution can protect an organization if an employee allows a hacker into the network. The goal of these attacks could be technical (breaching a network to compromise sensitive data) or physical (gaining access to restricted areas). Whatever the goal, social engineers design their attacks to take advantage of our natural tendency to be helpful, trusting, and nonconfrontational.
Social Engineering Security Testing identifies human weaknesses within an organization. The combination of technology, psychology, and creativity makes social engineering a real, and often undetectable, threat. It has become an extremely popular and effective way for hackers to gain access to a company’s information systems and steal sensitive information. Some of the methods Tanner’s Information Security team uses to combat social engineering hacks include:
- Phishing: Sending spoofed emails to employees with malicious attachments or links.
- Pretexting: Pretending to be a person of authority to get employees to perform actions that compromise the network (e.g., providing valid login credentials).
- Media Dropping: Having employees introduce malicious files from external devices onto the company network.
- Physical Security: Attempting to bypass physical locks, motion sensors, and other security controls to access restricted areas.
Our Social Engineering Testing engagements are built from the ground up and tailored to meet the needs of your specific organization. Each test begins by using public resources and select employees to gather information on the organization. We then leverage this information to convince end-users to break company security policies in ways that jeopardize the integrity of the network.
Pre-scripted online tests are ineffective because they fail to simulate the actions of real-world attacks. Our customized approach uses the same sophisticated techniques that hackers have been using for years to compromise high-profile companies across the world.
Social Engineering Test Deliverable
Upon completion of the Social Engineering Testing assessment, you will receive a detailed report containing the following information:
- Statement of the engagement’s purpose, scope, and approach
- Description of attack methods used during testing
- Detailed social engineering security logs, including:
  - Originating IP addresses of compromised systems
  - Usernames/login credentials
  - Times of actions/exploits
- Overview of identified risks
- Prioritized recommendations to help reduce risk