Social Engineering Assessments
As computer and information security continues to evolve, many organizations have become well positioned to prevent and manage attacks related to their network perimeter and public applications. As attackers continually search for the lowest-hanging fruit, it has become clear through recent events that targeted phishing campaigns and other social engineering attacks are an effective and low-cost way for attackers to obtain access to an organization's most sensitive networks and data.
VSR's social engineering assessments can be tailored a variety of goals, including any or all of the following:
- Raise awareness about the social engineering attacks with management and the general user population. Help to educate targeted users on ways to spot spear phishing and more classic confidence tricks.
- Provide a view of how much information about an organization is publicly available. Social networking sites and other published records provide attackers with treasure trove of data than can be used to create sophisticated social engineering attacks. Understanding an organization's public profile is key to helping mitigate the risk.
- Test the organization's incident response procedures and ability to react to attacks in progress.
- Periodic campaigns over a longer time frame can help one measure the return on investment of existing user awareness training and other technical controls.
Most social engineering assessments consist of several different types of attacks launched over the course of one to two weeks. Customers can expect a set of detailed statistics about how each attack succeeded or failed, and typically come away with a renewed appreciation for how effective these attacks can be.