Social Engineering Assessment
People are your weakest link, not technology. Security awareness is more important than ever. Your employees must understand the importance of their role in protecting the business.
Social Engineering uses technical and non-technical means to overcome impediments posed by information security measures. Lies, impersonation, and tricks are used to gain unauthorized access to a valued system and the information that resides on that system. By creating and using an invented scenario, the perpetrator persuades a target to release information or perform an action. It is more than a simple lie as it usually involves prior research and the use of pieces of known information to establish legitimacy in the mind of the target (also called pretexting). In general, there are three main types of social engineering employed by cyber-criminals: physical, phone calls, and phishing emails.
Social Engineering Methods of Attack
Physical - Includes attempts to gain physical access to the premises, obtain records, discover passwords, realize network access, remove equipment, and more. All tests are conducted in a very strict and professional manner.
Phone Calls - SMP calls designated personnel with a series of telephone calls, SMP Consultants attempt to acquire passwords, usernames, and other useful information that would help us gain access to a system and acquire protected information. These telephone conversations will be used to try to manipulate people into performing actions or divulging confidential information.
Phishing Emails - SMP will craft a phishing-style e-mail intended to trick recipients clicking on a link to a bogus e-mail. SMP will send emails out to a number of individuals identified by the Customer. SMP analyzes the results and creates a report that provides the number of employees that clicked the bogus link and the response times. All scripts are approved by the client before they are sent.
The SMP Solution
SMP’s Social Engineering Assessment validates the strength of your policies, the comprehension and compliance of staff, and the viability of technical controls. We report areas of concern, identifies failures in best practice, documents compliance issues, and provides recommendations for improvement. SMP can help remediate weaknesses and assist in the development and implementation of security awareness training programs.