If your company is like most, breaches that lead to compromised data are at the top of the list. Sure, continuity issues are always a concern, but nothing makes us quake in our boots quite like a breach. Security experts know that as long as there is someone out there with access to a computer and malicious intent, breaches will be a top concern for companies, and your IT security group works to proactively plug those holes before they are discovered by the outside world. Securing physical information is usually part of training, but most of it is centered on countering social-engineering tactics and phishing schemes.
Social-Engineering Strategies to Add to Your Penetration Testing
The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. NOTE: The information contained in this article is intended for use during a professional pen testing audit and should never be used to perform illegal acts. Each reader will need to be aware of their location's legal boundaries in regard to the tactics mentioned within. A penetration tester is a person who tests for vulnerabilities or unauthorized access to systems. Penetration testing, also called pen testing, is the practice of testing a computer system, network, web application or onsite perimeter to find vulnerabilities that a malicious attacker could exploit.
These activities are risky, and often involve borderline and outright inappropriate behavior. I encourage you to explicitly forbid social engineering attacks in your pentest scopes. Instead, try simulating the kinds of compromises that social engineering attacks lead to, with an emphasis on detection and response. Most penetration tests target systems, but social engineering attacks target people. This is an important difference: attacks on people feel personal in a way that attacks on systems do not.
For more information and guidance on penetration testing or packages that IT Governance offers, please contact our experts who will be able to discuss your needs further. Phishing works well because it tricks people into divulging sensitive information that can compromise their security. A simulated phishing attack aims to establish whether your employees are vulnerable to phishing emails, so you can take immediate action to improve your cyber security. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns.