Social engineering in essence is the act of manipulating people in order to gain an advantage. This advantage can be a piece of information, access to otherwise restricted places etc. Unlike most attack techniques in an information system, social engineering techniques target people. Experts agree that the weakest link in the protection of information system security is the human element.
The attackers are attacking people, employees or associates of the organization with the aim to:
- Get (protected) information,
- Persuade employees to do something that will endanger the safety of the system.
This is done by exploiting the human’s:
- Willingness to help (a man in distress)
- Fear of technology,
- Shame of their own ignorance,
- Respect for authority.
They use methods of fraud, seduction, flattery, etc. The degree of endangerment of employees is reviewed trough different methods of provocation and trough bait planting as it would do real attackers.
The result of this test is a statistical assessment of employees and organization’s endangerment and recommendations for specific programs for raising consciousness and education of employees.
To find out commercial details on this service, please contact us here.