Social Engineering Services
The human factor is the primary risk for the information in your IT environment. Companies constantly seek to enhance their technical security implementations to prevent cyberattacks. However, threat actors target the company where the security is most neglected - the users.
Phishing emails, CEO fraud, pretexting calls, and physical intrusions are on the rise and constantly in the news. Adversaries successfully employ social engineering tactics to steal intellectual property, personal information, and other sensitive data that can harm an organization’s competitive advantage and reputation.
Let us help you create awareness and mitigate the risk of an intrusion today!
Social Engineering – Measure Your Responsiveness
We will perform a test including information gathering, vishing (phone calls), phishing, and spear-phishing. The results will be presented in a report which identifies the level of awareness of your users and vulnerabilities in your IT environment. We will present specific actions for you to take that are tailored to your organization to increase your protection against threat actors – internal and external.
Benefits with This Service
- Significantly reduce the risk of data breach
- Map your users’ current awareness level
Physical Intrusion – Test Run Your Defense
We will perform a test of your physical security. We will try to physically access your facilities, gather internal and confidential information, and plant a box to obtain access to your IT environment.
Benefits to You:
- Eliminate your physical vulnerabilities
Combo: Social Engineering and Physical Intrusion
We will perform a combination of a Social Engineering Test and Physical Intrusion (read more above). We can also test and evaluate your Security Operations Center (SOC) capabilities if you have one.
Benefits of This Combo:
- You receive the full picture of all your vulnerabilities
- You will significantly reduce the risk of data breach
- You will improve your SOC capabilities
Educate and Build Awareness
The human factor is the primary risk for the information in your IT environment due to the lack of education. Educating your users will make a difference and significantly reduce the risk of a data breach. We will tailor the education plan specifically for your organization and needs.
Choose the format that suits you best: recurring lectures at your facilities, a two-day crash course at our facilities as a start, or frequent video modules.
- Reduce the risk of a data breach
Profiling – To Protect High Value Users
We will map the online footprints of specific targets, such as the CEO, CFO, and CTO, and present a digital profile and its vulnerabilities, which can be exploited by threat actors.
You will receive recommendations on how to digitally protect high-value users.
Social Engineering as a Service
Change Risky Behavior and Enable Employees to Report Social Engineering Attacks
On a regular basis, our experts will perform social engineering campaigns that include the common social engineering vectors:
- Spear-phishing to high-level executives (e.g. CEO fraud campaigns)
- Phishing emails with the purpose of stealing login credentials
- Malware (e.g. ransomware) delivered by e-mail
- Spear-phishing personnel with high privileges
- Drive-by attacks
- Phone calls with the purpose of extracting sensitive information
- Phone calls with the purpose of influencing the employee to perform an action (e.g. create an account)
- Physical intrusions (e.g. to photograph sensitive data or plant a rogue device)
The test results are aggregated in a web-based dashboard so you can follow your organization’s resilience to social engineering and see improvement over time.
A Teachable Moment
When employees enter credentials or execute “malware” delivered in a test, they will be presented with an educational video about the dangers of social engineering. This provides the employee with a valuable teachable moment.
Awareness Insights Over Time
Obtain deep insight and follow your organization’s improvements over time with Truesec’s Awareness Dashboard. See how many employees clicked dangerous links, leaked their credentials, downloaded malware, executed malware, or reported the attack.
All statistics are anonymized yet provide you with the opportunity to follow improvements and see results by department and role.
Standardize Reporting of Phishing
Many times, when an employee suspects phishing they are not aware of the proper response. Should they escalate, warn their colleagues, delete, or mark as spam?
Truesec Phishing Informant is a plugin to the Outlook mail client that is simple to use and allows your employees to report any suspicious emails with a single click. Phishing reports can then be centrally analyzed and correlated. To obtain expert analysis, the plugin can be integrated with Truesec’s Security Operations Center (SOC).
The service is available on a monthly subscription. Contact us for a quote!