Mission-critical information in physical or spoken formats commonly requires adversarial threats to use different techniques, often involving physical access or require methods to influence individuals, such as social engineering. APT-style attacks are usually deploying multiple vectors, often social engineering combined with Web or network exploitation. For instance an adversary can email a malicious application, or host a malicious application on a compromised website, and use social engineering techniques to convince users into installing the application on their workstation. Even if privileged access is required to install applications, users will use their privileged access if they believe, or can be convinced that, the requirement to install the application is legitimate.
A threat can use a variety of social engineering techniques, including impersonating a valid user, especially one of privilege, persuading an employee or valid user, extortion or blackmail as well other techniques.
Organizations need to continuously validate and improve the awareness level of their employees for social engineering through periodic testing as part of their information security awareness and training program
Through our simulating social engineering attacks, we provide insight to organizations of their weakest points which is the human factor, assessing whether employees will click on a link from suspicious email or provide sensitive information on the telephone without following appropriate procedures for authenticating a caller.
For those individuals users that fail testing, we ensure that they become educated of the social engineering threat, as well as methods to detect suspicious emails in their environment and processes to report these events, through relevant content of our eLearning platform.