
Social Engineering

Risk Insights' skilled security analysts provide our clients with advance notice of social engineering risks to their sensitive information.


Social Engineering Service Overview

Cyber adversaries today rely upon a combination of technical and social techniques to steal useful information from unsuspecting companies. Risk Insights' social engineering services provide our clients with a comprehensive assessment of their personnel's readiness to withstand attacks that rely upon interpersonal techniques. With targeted attacks on the rise, organizations must understand and prepare for the risks of social-engineering-oriented attacks.

Methodology

Unlike conventional security assessments, social engineering tests require a great deal of adaptability from the service provider. This is due to the nature of the human element, which is central to the test. During the test, Risk Insights personnel will adapt and utilize a variety of social engineering techniques to gain access to useful information. Techniques that may be used during the course of the assessment include:

  • Custom-created electronic media devices that contain malicious payloads to extract information from the customer environment
  • Crafted phishing emails designed to lure employees into a staged attack site that we host
  • Impersonation attacks that rely upon caller ID spoofing, voice modulation or “person of authority” impersonation (fire inspector, OSHA inspector, etc.)
  • Human-to-human interaction with unsuspecting targets
  • Crafted phishing emails designed to lure employees into opening malicious attachments (PDF and Word)

Deliverables

At the conclusion of the social engineering assessment, our clients receive a comprehensive debrief of the assessment. The electronic report contains a detailed description of the test methodology, scope, contacts and information extracted from the customer environment. In addition, Risk Insights conducts a phone-based review of the assessment and ensures that each client has a confident understanding of identified risks and recommended mitigation steps. Specific information types provided within our social engineering reports include:

  • A description of the techniques used to stage the social engineering test
  • The scope of the social engineering assessment: sites visited, employees contacted, websites impersonated, etc.
  • A detailed narrative of how each test technique was carried out
  • A description of how the client's personnel reacted to each test technique
  • A listing of all sensitive information extracted from the customer environment
  • Tactical recommendations to address risks that were identified
  • Strategic recommendations to address risks that were identified

© 2012 Risk Insights. All rights Reserved.