Social Engineering Testing
To achieve Social Engineering testing simulated Phishing, baiting or tailgating can all be utilised: the team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature.
Who is the service for?
In information security, the human element is often the weakest link; leaving an organisation open to unintentional vulnerability. Social engineering is an attack vector which relies on the psychological manipulation of people to gain access to systems. Any business wishing to gain a current and valuable knowledge base around the day-to-day threats facing all staff members can enlist a trusted third party to simulate this type of event and provide follow-up training to make sure any knowledge gaps are filled.
What is Social Engineering?
These types of attack exploit individuals within an organisation. They range in sophistication but commonly include scams where attackers attempt to persuade employees to divulge confidential passwords or sensitive information. Known by terms such as phishing, pretexting, baiting, tailgating or Quid Pro Quo, the types of attack have sinister motivation: usually to coax information or open up a system to allow the introduction of malicious plug-ins.
Preventing social engineering attacks requires a number of strategies, including education, alerts and regular monitoring. Testing is also important and should be included within a systematic Test and Exercise schedule
The team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature. The purpose of which is not to embarrass or bring disciplinary action to individuals, but to create an environment where all employees recognise their part in preventing this type of cyber-attack.
From vulnerability assessments to Red Team engagement, we provide a full range of bespoke services to deliver a robust and cost-effective solution for your Test and Exercise requirements.
Red Team Engagement
SRM’s CREST qualified consultants combine a rigorous training process with real-world experience so they can think creatively and with the mindset of a genuine hacker. The difference is that they work for you.
Virtual CISO ™ Virtual ISM ™
At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.
Phishing attacks and the perks of purple teamingMonday, July 1st, 2019
Cyber criminals are like magicians; they rely of sleight of hand. Like theatrical entertainers, they misdirect so that the trick occurs when the audience least expects it. So while..
The evolution of cyber crimeFriday, June 21st, 2019
Ever since Charles Darwin introduced the theory of evolution in 1859 we have been aware of the continual process of change in the natural world. Things are no different..
How phishing scams are getting schools into deep waterTuesday, June 26th, 2018
While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..