Social Engineering Review

While the threat of data loss through sophisticated cyberattacks is very real, many organizations overlook their employees as a potential threat to company security. A social engineering review will help organizations combat these types of attacks. Even the best network and systems security will not prevent an attack directed at your employees. Malicious hackers can be extremely effective at coercing people to break their normal security procedures and divulge confidential information. In some cases, the disclosure of information may not be intentional, and employees can be taken advantage of by carefully thought-out criminal attacks. This line of attack is referred to as social engineering.

Rather than a traditional information security assessment, the social engineering review is designed to assess the level of training and knowledge employees possess when it comes to ensuring the security of vital information and data.

At Canaudit, we use the same thought process and real-world strategies that attackers use to gain internal network access or access to confidential information through anonymous conversations with staff, email phishing, USB drive dropping and other creative attacks. The attacks selected for each engagement are based on the specific needs and requirements of each client.

Canaudit will make contact with the client organization via the scenarios agreed upon. During this activity, Canaudit staff will impersonate third parties, trusted internal staff or even external contractors.

    • Phishing
      Users are engaged remotely via email and tested as to whether they will interact with untrusted links, websites or requests. Sensitive information will also be requested.
    • Voice Phishing
      Users are engaged remotely via telephone and are tested as to whether they will disclose sensitive information such as system information, service versioning, authentication information, or other configuration settings.
    • Physical Infiltration
      Users are engaged in person to test specific information security policies.
    • Malicious Media Drops
      USB drives or other such devices are distributed anonymously, and employees are tested to determine whether they use the devices on company resources.