Social engineering is the practice of exploiting the human psyche and its vulnerabilities to get people to divulge privileged information. Social engineering attacks prey on fear, greed, and other base impulses and cognitive biases that lead to the victim serving as an unwitting channel into an organization’s system and network.
As any other form of attack, social engineering attacks have been through several iterations of evolution. They keep pace with changing technology and piggyback on it in order to deceive and betray the trust of victims.
With your consent, our experts will conduct social engineering exercises that use deception, manipulation, and intimidation to determine if that leads to giving away of privileged information. In addition, we will conduct more targeted and aggressive forms of social engineering attacks such as spear phishing, vishing, and pretexting that may compel your employees to release sensitive data.
The assessments will also be carried out onsite to determine if acts such as tailgating and vulnerabilities in access policy can lead one to gain entry to sensitive areas such as server rooms and data centers in your facility. We will also bait employees with USB drives lying around your facility to determine if employees will plug these unknown drives into their system. These drives can be loaded with files that invoke a remote server when opened allowing us to measure and quantify the risk exposure. In addition, the files in the USB can also be configured to lock users out of their system temporarily so as to drive home the point.
The goal of these assessments is to create an awareness of the severity and effectiveness of social engineering attacks, which can serve as a foothold to trigger lethal attacks on your network. The outcome of social engineering assessment is to create a report outlining the engagement that led to information being compromised. We will also lay down measures and steps that can be followed to resist and pushback against any means to solicit information from your employees. We also conduct training sessions with employees that walk them through the attacks that were launched against them, and discuss security protocols, policies, and procedure for handling sensitive information.
Copyright @ 2024 GRM Technologies Pvt. Ltd.. All Rights Reserved.