Understanding the human element of information security
Social engineering relies heavily on human interaction and often involves misleading employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.
- Educating on security threats
- Preparing employees to react
- Strengthening security posture
- Validating security training efforts
- Establishing strengths and weaknesses
- Providing insight for further training
Pratum’s ethical social engineering services are a true assessment of an organization’s security training and awareness practices. By performing social engineering assessments of an organization’s facilities and employees, Pratum is able to establish the baseline security posture and make recommendations for modifying and developing stronger policies and procedures.
External Social Engineering Assessments
Pretexting Phone Calls
Employees may struggle to recognize the difference between a legitimate conversation with a valued customer and an unethical pretexter trolling for information. Performing an ethical pretexting phone campaign will help to validate your organization’s security procedures as they pertain to sharing information with customers, vendors, and internal staff.
Email is the most prominent form of business communication, which is why attackers are so fond of using it to infiltrate networks and systems. Preparing employees and executives to recognize these types of attacks, and regularly testing them through ethical email phishing campaigns, is a surefire way to protect your organization against real phishing attackers.
Our consultants prepare emails that simulate a real-life, professional attack. We develop customized emails, target specified employees, and monitor their engagement. Our analytics provide insight into who opened the email and what links were clicked. Our email campaigns are designed to give us a very real understanding of how your organization could be breached.
Internal Social Engineering Assessments
Ethical dumpster diving provides a snapshot into the effectiveness of an organization’s data destruction policy. Everything from handwritten notes to proposal drafts can be found in an organization’s dumpsters. If an attacker gets hold of passwords, proprietary business information, or personally identifiable information, it could be crippling to an organization.
Facility Access - Onsite Security Assessment
Performing an unauthorized facility access attempt with an ethical attacker enables organizations to properly assess building access codes, IT asset controls, and employee behavior. Pratum’s ethical attackers pose as employees, customers, or contracted workers in an effort to enter a facility and gain access to sensitive information without triggering alarms.
Social Engineering Report
Upon completion of the assessment, Pratum’s consultants provide an extensive social engineering report. The report highlights the activities of the assessment, details findings, and provides guidance for future planning.