Social Engineering Services
When assessing the security of any system or organisation, it is important to factor in the human and physical elements. Conducting periodic physical penetration testing and social engineering helps promote security awareness, and identifies areas where greater control may be required in order to stay within the tolerance of the organisation’s risk appetite.
JUMPSEC provides a tailored suite of services to ensure that any social engineering undertaken is realistic, relevant and comprehensive. All services include open source profiling of your organisation, identifying targets and allowing the construction of pertinent pretexts and scenarios.
Telephone Pretexting and Vishing – Pretexting is one of the oldest forms of social engineering, tricking an individual into divulging confidential and privileged information or prompting them to perform actions which impact the security of their organisation.
Vishing – This is a term describing a similar attack utilising interactive voice response systems. This form of attack is capable of scaling to a large number of targets, but may not have the same levels of success.
Physical Penetration Testing – Targeted physical testing, utilising techniques such as tailgating and pretexting, will identify vulnerabilities in the way an organisation has structured or implemented physical security controls. It will usually have a specific aim or ‘flag’ that indicates that we’ve been successful in defeating these controls, such as a ‘stolen’ laptop or other sensitive asset. The assessment’s scope could equally encompass a full review of site security.
Phishing – The targeted emailing of members of the organisation, directing them to a malicious website to enter sensitive information.
Browser exploitation and extrusion attacks – Normally this form of attack will be orchestrated with another, such as phishing. The aim is to exploit the installed browser, gain control of the workstation and use this as a bridgehead or pivot point to attack other elements of an organisation’s network.
Malware susceptibility – It is important that the controls in place are robust enough to prevent a staff member introducing malware into your organisation. We will confirm this via a variety of vectors such as lost hardware or controlled access to malicious software embedded in hardware devices.
Carefully planned exercises are invaluable in highlighting areas of risk and providing context around the security posture of an organisation. In the last 6 months a long list of publicly listed businesses has been targeted by browser exploitation and extrusion attacks with varying degrees of impact. Traditionally viewed by organisations as a nice-to-have, social engineering should now be considered an essential component of any security programme.
For more information about social engineering and the benefits it brings, please contact one of our security consultants via the form below, or request a call back.
A certified security services company you can depend on
ISO 27001 & UKAS Certified
Crown Commercial Supplier
ISO 9001 & UKAS Certified
Cyber Essentials Plus Certification Body