5. 2. 2019

Social engineering

Every day there is an immense amount of information coming your way. Customers are calling; you need to condense materials for a meeting; the insurance company sent a form to fill out; and on top of that, IT is calling for the second day in a row about updating the system. Any one of these could be a targeted attack, yet you wouldn’t recognize it in the day-to-day rush. Really though, do you know how to differentiate between a PDF with malware and an order from a customer?

Relevant application

Taking a look at social engineering makes sense regardless of your security capabilities. Even if you can’t monitor outgoing network operations and don’t have a surveillance center, it’s a good idea to determine how difficult it would be for an attacker to get in and to see how your colleagues might react. Even if you don’t end up using our countermeasures, you will at least be armed with practical experience, and you and your colleagues will be more alert and capable of reacting properly if and when you become the target of a real attack.

Our procedure

We will attempt to send you a fake email, call you, send a letter, counterfeit a CD or USB, and request information from you. We will find the boundaries where your systems and processes begin to fail. We will also explain why they fail and how to deal with it. In short, everything you need to know about what works and what doesn’t.

Result

An overview of the scenarios we considered, which ones we chose, and how we proceeded. A table with the number of successes and failures, as well as an overall assessment, is of course included.