Social Engineering Testing
It is a non-technical tactic deployed by attackers in order to bypass physical and technological controls. The attacker exploits the vulnerabilities of the human (employee) who is often lacking in security awareness. These tactics can be used as reconnaissance during the information gathering phase of an attack and form’s part of the following threats against your organisation:
Phishing
Spear phishing
Vishing
Pretexting
Baiting
Or infecting your computer with:
Malware
Spyware
Ransomware
Remote access trojans.
Before the attack is executed, we conduct thorough research into the target (the employee) and company using social media and open source information.
The art of social engineering is explored academically in our research laboratory. As technology develops and evolves, more devices will become connected to the internet (Internet of Things) Human interaction with connected devices will inevitably increase, meaning attackers will have more ways of hacking the human in order to gain unauthorised access to your network.
Ninety-one percent of cyber attacks starts with a phish. The top reasons people are duped by phishing emails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social interaction, entertainment, and opportunity.
What we do?
We simulate realistic social engineering attacks within specified legal and agreed parameters to test your employees’ security awareness, compliance with your security procedures and whether your security measures work. The goal is not to name and shame employees, rather, we aim to safeguard your confidential information, while educating and training your workforce.
At Tri-star all our consultants have law enforcement or security services expertise and experience. We are highly skilled at researching social media and harvesting open source information. Therefore, our social engineering simulation attacks are highly realistic and effective. From our investigative experience, we have encountered a vast array of social engineering tactics used by attackers.
Social engineering is also a tactic used by investigators in serious and complex investigations. Therefore, our consultants have a deep, practical understanding of not only how to develop realistic and effective social engineering tests, but what solutions actually work and what training to provide.
Why simulate an attack?
Simply put, investing heavily in cutting-edge security technology is futile against an attacker who can get one of your employees to click on a link containing a malicious payload, or an employee that will inadvertently divulge sensitive information that can be exploited by an attacker. Humans will always play a crucial part in endpoint failure of technology. Tri-star will mitigate that risk by exposing areas of vulnerability before an attacker does. Through training and educating your work force we will instil a security-minded culture from the top down in your organisation. This will have numerous benefits:
1. Reduce the success rates of attacks
2. Prevent loss of information
3. Secure your confidential data
4. Prevent damage to your reputation
5. Instil confidence in your stakeholders, customers and investors.