Social Engineering & Physical Security Testing

Watch your phishing and fraud susceptibility drop, while your ROI goes up.

Your employees are frequently exposed to sophisticated phishing and ransomware attacks. More than ever, your users are the weak link in your network security. InfoSight's social engineering assessment and physical security testing involve a comprehensive set of security tests designed to establish the current state of security awareness among your organization's personnel and to determine gaps in policy, procedure, enforcement and security awareness training.

The security tests performed during the social engineering and physical security test may include:

  • Telephone impersonation
  • Email phishing
  • Trojan & virus testing
  • Onsite impersonation
  • Website subversion
  • Camera placement testing
  • Key control testing
  • Clean desktop testing
  • Suspicious activity testing
  • Physical penetration testing
  • Dumpster diving & shred testing

We test your employees to determine their level of resistance to the ploys of social engineers. For example, certain individuals are pre-selected to undergo assessment. Simulated phishing attacks are sent via email, and phone calls are placed in an attempt to manipulate the individual into divulging information that can be used to gain access to more information or assets. We then report the findings of the social engineering assessments to you, with recommendations.

Social engineering assessments identify gaps where targeted training may be needed to develop or improve employee security awareness and/or knowledge. Not only do our social engineering reports identify areas of weakness that require attention, but they'll address operating procedures that may need to be incorporated or changed within your program. We'll also make recommendations regarding possible changes that may need to be made to security technologies in use.

We'll assist you in developing a solid foundation upon which you can build your human perimeter defense.

In today's war against cyber crime and financial fraud, your people have become the new perimeter defense. Being cognizant of these types of attacks by testing and educating your employees is essential to surviving these manipulations. The simplest way to get information is to ask for it directly, and this forms the basis for the various techniques used by hackers. They will try to lie, cheat and steal their way past your organization's security controls. When people are unprepared, hackers are nearly 100% successful.

Hackers manipulate people into performing actions or divulging confidential information by masquerading as a legitimate user. They attempt to con an employee or contractor into divulging information so that they can bypass security measures and tools. This technique is often easier than using technical hacking or physical break-in techniques. The goal is to obtain confidential information or credentials from your users through various means to gain illegal access to your internal network. Once inside your network, they can escalate their privileges to the level of system administrator and accomplish anything they want within your network.

No organization is immune to the threat of social engineering. Hypothetical attacks, like those included in social engineering assessments and physical security testing, will provide a valuable view of the strength of your human defenses. Educating your employees about the methodologies of the attacks and having a plan in place to mitigate them are also essential to surviving these manipulations.

Find out how our customers have mobilized their end-users as their first line of defense. Contact us to schedule a consultation with one of our security experts, register for one of our webinars, or ask us how to get training for your staff on social engineering and other cyber security topics within our security awareness training arsenal.