Social Engineering Assessment

Test the human, process and physical elements of your organisation’s security to improve your security posture beyond your IT systems and infrastructure.

SOCIAL ENGINEERING ASSESSMENT

JUMPSEC’s Social Engineering Assessment is designed to deliver realistic and targeted attacks, performed in a safe way by our team of in-house expert ethical hackers and cyber red team specialists. These are followed up with comprehensive reports and assistance with training to drive awareness and education within your organisation, reducing your risk of compromise.

WHO NEEDS SOCIAL ENGINEERING ASSESSMENT?

Security technology is continuously improving, and for the most part, computer systems and applications are increasingly secure. Detection or monitoring services can capture a large number of automated attacks. However, attackers are ever more sophisticated and deploy techniques, known as Social Engineering, that are designed to compromise the human element of an organisation, tricking people into performing actions that put themselves or their organisation at risk.

Often, the higher the stakes and the greater the gains to be made, the more targeted and sophisticated a pretext will be, making it harder for those targeted to know when something is genuine and when they are being misled. Our experience has led us to conclude that conducting controlled Social Engineering with specific feedback and training is the most effective way of helping employees understand these risks, improve their security awareness, and reduce the likelihood of successful compromise across an organisation.

JUMPSEC recommends regular Social Engineering Assessments to help dramatically improve defence against Social Engineering attacks.

WHY JUMPSEC SOCIAL ENGINEERING ASSESSMENT?

Decreased risk of compromise through demonstration, awareness and training

The only truly effective way to promote secure behaviour is to help people learn why it is important to them. When we understand the threats we face, we as individuals take ownership of our actions and are keen to improve. Our Social Engineering Assessment engages your organisation and identifies areas of weakness and areas where specific improvements can be made. By coupling simulated attacks with security awareness training, we help you understand your exposure to a number of typical attacks and address the deficiencies found.

Peace of mind that multiple attack vectors are covered

Potential attackers are sophisticated and use a variety of techniques to infiltrate and gain access to an organisation’s valuable data or assets. Our service is tailored to your organisation, its appetite for risk and its security posture. The scenarios we design are simulated real-world attacks based on real reconnaissance, so they are realistic, relevant and comprehensive. We identify actual targets and construct pertinent pretexts and scenarios to cover all angles.

Improved defence against cyber attacks combined with Social Engineering

By assessing your organisation’s susceptibility to Social Engineering and then providing detailed reports and practical recommendations, we enable you to dramatically improve your defence against cyber attacks and Social Engineering. Improvements can be demonstrated by tuning the timings and intensity of testing, feedback and training to your organisational exposure and baseline staff awareness.

Visibility of areas of weakness and compromise with practical plans to improve and transfer of knowledge

Our Social Engineering Assessment is tailored to your organisation to ensure that the simulated attacks are real-world examples that can be learned from. We provide detailed reports with evidential support and can help you design security awareness workshops that are relevant and based on the results obtained, to ensure transfer of knowledge.

WHAT MAKES UP JUMPSEC SOCIAL ENGINEERING ASSESSMENT?

Expert Ethical Hackers

JUMPSEC’s Social Engineering Assessment is performed by our team of in-house expert ethical hackers and red team specialists, who understand the hacker mindset and work to strict codes of professional ethics, following structured approaches built on proven methodologies, to deliver real-world attacks in a safe and educational way.

Open Source Intelligence Gathering

We commence with an open source passive reconnaissance exercise designed to identify and collect as much public information as possible about your organisation and identify the attack vectors that are most likely to put you at risk. This includes searches of online public information to identify employees, contractors, partners, customers, associated third party companies, premises etc., and includes a non-intrusive investigation into technologies employed by the organisation, specifically those that may have a bearing on subsequent attack paths, for example email/virus scanning capabilities and software versioning. This provides you with a view of the online information available which may be of use to an attacker, and specifically the information divulged by employees who may be in contravention of your policy and guidelines (if present).

Scenario Design

We will create a number of scenarios to both educate and expose security awareness within your organisation. Typically these include:

  • Email Phishing
  • Email Attachments
  • Telephone pretexting (Vishing & SMShing)
  • Malicious media (CDs, USBs)
  • Browser based exploitation
  • Physical security
  • Whaling (high value targets)

All scenarios are tailored to your requirements and your organisation’s security awareness level, and range from assessment of individual attack paths to more complex simulations combining several different attack vectors.

Controlled Planned Attacks

We will execute carefully designed and planned attacks on your organisation to test its level of security and awareness in a safe and controlled way so as not to cause any disruption to your day to day activity.

Comprehensive Reporting and Practical Advice

After all attack scenarios have been completed we provide you with a comprehensive report, with evidential support and practical recommendations to help your organisation defend against Social Engineering.

Security Awareness Workshops

In addition to your report we can assist you with the design and delivery of security awareness workshops implemented by your organisation, based on our findings and observations, which will help keep them relevant and engaging.

Continuous Expert Support

We love what we do and we are just a phone call away. When you take our Social Engineering Assessment you receive continuous expert support backed by rigorous processes and procedures. You can contact us at any time for any security related questions.

GET IN TOUCH

We love to talk! Give us a call on 0333 939 8080, email [email protected] or click below to fill out the contact form and we will get back to you straight away.

Further Resources

Learn more about JUMPSEC’s Social Engineering Assessment:

Product Sheet

Social Engineering Assessment

Download the Social Engineering Assessment Product Sheet.

Product Video

What is a Social Engineering Assessment and who needs it?

JUMPSEC’s Jan Sleigh describes what a Social Engineering Assessment is and who will benefit from one.

Product Video

What makes up JUMPSEC Social Engineering Assessment?

JUMPSEC’s Jan Sleigh discusses what makes up a JUMPSEC Social Engineering Assessment.

Product Video

What are the benefits of a Social Engineering Assessment?

Jan Sleigh from JUMPSEC talks through the benefits of a Social Engineering Assessment.