As an organisation, you have just made a significant investment in securing your application and IT infrastructure. You have the latest firewall and network perimeter security devices in place. You have performed application and infrastructure security testing against your publicly facing systems; however has the human element of security been given the same level of attention? What if an attacker is able to gain access to sensitive information by targeting your organisation's employees or by gaining physical access to your premises?
The main aim of the intruders is, by using different techniques, to gain unauthorised access to your company's systems or sensitive information that will be used in the future to commit a fraud. An organisation needs visibility of the risk these threats can pose and assess whether the current policies and processes would prevent these attacks from being successful.
Our Social Engineering service has been designed to evaluate the gaps in your staff security awareness and includes five stages of testing which can be tailored to your needs.
Stage 1 - Data Leakage in the Public Domain
This basic stage will make investigations into all the information that is available in the public domain. At this point ProCheckUp would not contact any staff or conduct any physical information gathering on site.
Stage 2 - Human Data Leakage
This stage will involve an active analysis of the information that is available in the public domain and it is at this point that we would contact people in the organisation and gain information that should not be in the public domain.
Stage 3 - Physical Social Engineering
This stage is where we would look to physically gain access to a location. At this point it is important to stress how your company must be comfortable with ProCheckUp consultants attempting to manipulate staff to gain entry.
Stage 4 - Fraud and Theft
This analysis is carried out from the position of a potential attacker that is embedded into the organisation.
Stage 5 - Advanced Attack
This is the most in-depth type of assessment on offer.
Contact us to discuss your company's social engineering needs.