Social Engineering Testing

Real-world attack simulations against your first line of defence

Over 30% of all hacks resulting in data breaches in the last year included some sort of social engineering attack such as phishing or telephone pretexting. Why? Because it works. Social engineering is a reliable and proven technique for bypassing technical security controls and obtaining unauthorised access to systems and information.

System end-users are the weakest link. And yet, most companies focus solely on testing the effectiveness of the security hardware and software controls they’ve implemented on their systems to reduce the risk of unauthorised access. A hacker will follow the path of least resistance for gaining unauthorised access. Why bother hacking a firewall when they can pick up a telephone and trick an end-user into revealing their login credentials?

If you have not already undertaken social engineering security testing, the question is why not? Risk Crew’s testing is scoped to meet your specific business or compliance requirements and we issue “Testing Certificates” to enable your business to produce evidence of compliance if required.

Risk Crew Deliverables

Risk Crew’s service provides a comprehensive report that details security vulnerabilities identified and specific actions for remediation, a courtesy workshop and on-call assistance.

Social Engineering Testing Benefits

Risk Crew has been designing and successfully implementing simulated social engineering attacks against companies in virtually every business sector for well over 15 years. Social engineering is not a science – it’s an art.

Risk Crew is staffed with social engineering artists. Each project is customised in terms of the time scale and objectives of the testing, and our consultants follow a stringent methodology for all engagements, ensuring all objectives are met within the agreed time and budget.

Some of the benefits of conducting Social Engineering penetration testing include:

✓ Benchmarks the security awareness level of your end-users.
✓ Identifies weaknesses in operational and business processes which could be exploited for unauthorised access.
✓ Spotlights vulnerabilities you have overlooked.
✓ Provides invaluable insight into the genuine level of security your information security risk management programme provides.

Why Choose Risk Crew

Our experienced security engineers implement detailed Social Engineering Testing methodologies, ensuring they can effectively assess your business’s capabilities to detect and mitigate attacks against your business systems. All engineers are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Help prevent Social Engineering attacks. Let Risk Crew’s artists identify vulnerabilities within your staff’s security awareness and day-to-day compliance with policies & procedures.

Frequently Asked Questions

How does Social Engineering work?
A social engineering attack relies on the manipulation of human behaviour. A person’s personality, good nature, beliefs, education, professional status or social etiquette can often easily be exploited, and they can be tricked into doing something that is in a hacker’s interests. This is why social engineering works so easily and why it’s so dangerous. By and large, all social engineering attacks attempt to exploit one (or more) of the following four common human emotions:
  • Helpfulness: Our innate willingness to want to help others.
  • Obedience: Our inclination to comply with the law, a direct request or order from someone in a perceived position of authority.
  • Fear: An unpleasant emotion that is caused by the idea that something or someone can cause us harm.
  • Greed: A selfish desire for personal gain.
Social engineering requires nothing more than a basic understanding of simple behavioural psychology principles and some good acting skills.

What are typical social engineering attacks?
Successful social engineering attacks are delivered in contexts designed to exploit these human weaknesses. Typical social engineering attacks include scenarios such as:
  • Pretexting: Masquerading as someone else
  • Baiting: Enticing the victim with promises of something of value
  • Blackmailing: Threatening to reveal something that the target wishes to be kept secret
  • Offering Quid Pro Quo: Promising something to the victim in exchange for the victim’s help
Social engineers use their knowledge of how people think in a variety of ways. By targeting the human element, they increase their probability of a successful attack by bypassing defences designed to protect against “conventional” hacking.

Do most hacks include Social Engineering?
Yes. In general, any attack that relies on the participation of a system end-user usually involves some sort of social engineering aspect. Injecting malicious code that would allow unauthorised access, for instance, is usually done through “phishing”.

How do you defend against Social Engineering?
The best defence against social engineering attacks is to educate your end-users. Users must be made aware of the threat and the methodology. Social engineering attacks are designed to exploit the weaknesses in the way users think. All social engineering attacks boil down to trying to get someone to do something that they should not do or allow. Users must be educated to question requests from unknown sources. The top 3 best practices to include in your user awareness training are to:
  1. Verify that the person is who they claim to be.
  2. Verify that the person is a current employee or has a need-to-know relationship with the company.
  3. Verify that the person is authorised to make a request.