Phishing, baiting or tailgating: the team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature.
Who is the service for?
In information security, the human element is often the weakest link, leaving an organisation open to unintentional vulnerability. Social engineering is an attack vector which relies on the psychological manipulation of people to gain access to systems. Any business wishing to gain a current and valuable knowledge base around the day-to-day threats facing all staff members can enlist a trusted third party to simulate this type of event and provide follow-up training to make sure any knowledge gaps are filled.
What is Social Engineering?
These types of attack exploit individuals within an organisation. They range in sophistication but commonly include scams where attackers attempt to persuade employees to divulge confidential passwords or sensitive information. Known by terms such as phishing, pretexting, baiting, tailgating or quid pro quo, these attacks have a sinister motivation: usually to coax out information or open up a system to allow the introduction of malicious plug-ins.
Preventing social engineering attacks requires a number of strategies, including education, alerts and regular monitoring. Testing is also important and should be included within a systematic Test and Exercise schedule.
The team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature. The purpose is not to embarrass individuals or bring disciplinary action against them, but to create an environment where all employees recognise their part in preventing this type of cyber-attack.
Test & Exercise Services
From vulnerability assessments to Red Team engagement, we provide a full range of bespoke services to deliver a robust and cost-effective solution for your Test and Exercise requirements.
Red Team Engagement
SRM’s CREST qualified consultants combine a rigorous training process with real-world experience so they can think creatively and with the mindset of a genuine hacker. The difference is that they work for you.
At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.
How phishing scams are getting schools into deep water - Tuesday, June 26th, 2018
While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..
How poor data-stripping can expose organisations to Spear Phishing attacks - Friday, August 18th, 2017
A survey for the BBC has discovered that poor data-stripping on websites leaves information in place which provides valuable intelligence for Spear Phishing attackers. By not removing key metadata,..
Phishing and GDPR compliance - Tuesday, June 20th, 2017
By Paul Brennecker, Principal Consultant, CISM | PCI QSA | PCI PFI | PCIP There is a saying that a chain is only as strong as its weakest link. This,..