Social Engineering
There is no endpoint solution in the world that can protect against your staff’s willingness to help a supposed colleague in need, or to acquiesce to the demands of a “brand new member of the board”. These are the types of physical social engineering activities that we mimic regularly to probe an organisation’s human defences: your staff.
- If someone gained unrestricted access to your offices what could they walk out with?
- Your external firewalls prevent attacks from the internet, but what about someone who can plug themselves into your internal network?
- If someone obtained all your client records or even a whole database by just accessing an internal share, would you even be able to trace its extraction?
These are the kinds of questions that should cause you to look beyond your technical and network security. Our social engineering work is not about singling out individuals for a witch-hunt. Far from it: it is designed to identify company-wide cultural, behavioural and process issues, which you can then address.
Social engineering is not just restricted to having our people on the ground, attempting to access on-site terminals or physical storage areas either. We regularly conduct telephone social engineering as well. This testing shows you how it can be possible to charm, bully or otherwise gather data and information from your frontline staff without even entering the building.
Depending on the scope of what you want to achieve, we could canvass your people’s knowledge and understanding of the current security policy. We can even test their propensity to follow instruction, which could lead to them introducing malware to your network, or enabling the egress of sensitive data.