Test your resistance – can you manage a social engineering attack?
Social engineering is the manipulation of people into giving up confidential information. Criminals who engage in social engineering often pretend to be a person of authority, and by asking someone at the company for help, they can gain access to systems they should under no circumstances be able to reach.
Exploiting the goodness of others
We humans have a natural tendency to trust other people. This makes us careless, and we fail to follow the security protocols needed to stop a person with bad intentions. To be sure that no unauthorized person can access confidential information, clear processes and training are required.
Sentor has done a massive amount of testing
Sentor has solid experience in testing for Social Engineering attack vulnerabilities. Contact us to find out how it is done.
What kind of tests can Sentor perform?
In most cases, the client has a clear picture of what needs to be tested, but in other cases we help the client to design a mission with clear objectives. Below are some examples of tests we have performed earlier:
- Has the front desk and customer service personnel embraced the security policy?
- Is it possible to get physical access to the company’s servers?
- Is it possible to gain access to administrator roles and retrieve critical data from the IT environment?
We also define which attack routes are approved for use in achieving the defined objectives. Below are some examples of attack routes:
- Physical intrusion attempts on the company (e.g. pretending to be an employee who "has forgotten the access card")
- Mail from external mail servers and spoofing of email
- Telephone contact (e.g. conversations with IT support or customer service)
The client decides whether we use only non-technical penetration methods or work with a combination of non-technical and technical methods.
After the mission, the client receives a report containing approaches, identified deficiencies and recommendations to remedy any deficiencies and improve their security.