Social Engineering Assessment (SocEng)

Many of the major security breaches reported over the past decade have involved social engineering. Social engineering typically gives an attacker an initial foothold inside the organization, from which the attack is escalated to reach sensitive information. Our Social Engineering Assessment (SocEng) goes beyond phishing and targets the human element through multiple attack vectors to assess employee awareness of security threats. During the assessment we simulate phishing, planted media, pretext calling, social networking and, optionally, tailgating to evaluate the organization's exposure to social engineering.


The exercise attempts to win employees' trust under false pretenses and manipulate them into inadvertently disclosing sensitive information, such as account credentials or other details that could compromise security. We use a combination of techniques, including pretexting, phishing and baiting. The test evaluates the organization's awareness of security threats and its compliance with policies on information disclosure and incident response, for example whether an employee reports a suspicious call or e-mail rather than acting on it. The results are documented in a comprehensive report. Beyond measuring susceptibility to social engineering, the exercise serves several further purposes:


  • It raises overall user awareness of these threats. As word of the attempted social engineering attacks spreads internally, other users become more cautious about inbound communications and requests.
  • The report itself can be used for training purposes.

Clients may also engage Illumant for personnel training after the exercise, and for subsequent re-testing.


Highlights
  • Social engineering
  • Simulated attacks
  • Phishing
  • Planted media (mail, USB-drops, etc.)
  • Pretext calling
  • Social networking
  • Tailgating (optional)
  • Security awareness
  • Comparison to baseline of similar organizations
Targets
  • Employees
  • Users
  • Managers
  • Departments (HR, Finance, Administration, Customer Service/Support, Engineering, etc.)
  • Security knowledge
  • Awareness of security threats

Tags
  • Social Engineering
  • Simulated Attacks
  • Phishing
  • Pretext Calling
  • Social Networking
  • Employees
  • Users
  • Security Awareness
  • Awareness Training
  • PCI
  • HIPAA
  • Best Practices