Social Engineering is a term that describes a non-technical type of intrusion that relies heavily on human interaction. During a social engineering attack, the perpetrator misleads a person into sharing information that they would not share if they knew the real identity of the inquirer. The perpetrator then uses this information to bypass or defeat normal security procedures or physical access controls. Such an attempt falls into one of the following Social Engineering categories:
Internet – Impersonating a legitimate source, usually by email, to trick the user into revealing sensitive information or providing unauthorized access to hostile intruders or hackers. Email-based phishing attacks are the most commonly used social engineering attacks, tricking users into following a malicious link or revealing their access credentials.
Telephone – Impersonating a person/partner working for the organization in an attempt to acquire sensitive/useful information while minimizing the risk of being identified.
Physical Access – Attempting to gain unauthorized physical access to the organization's premises.
Our ITHACA Labs® experts undertake the design and execution of a series of Social Engineering tests leveraging a variety of techniques. These exercises are instrumental in helping the organization identify and address security weaknesses that a hostile intruder or hacker could use to gain unauthorized access to the organization’s systems and data, either through the Internet or physically.
All tests are designed in cooperation with the organization to ensure specific security/system controls and policies are tested.
Important Note: When executed on a periodic basis, these exercises prove instrumental in helping organizations identify weaknesses in their software applications, network devices, systems, security controls and Information Security Processes, while also confirming or denying specific assumptions that management may hold about the completeness and robustness of existing controls.