What is Social Engineering?
Social engineering is an attack technique that focuses strongly on human interaction. It often means that people are manipulated into circumventing security procedures and best practices, in order to gain access to systems, networks or physical locations, or for financial gain.
Attackers use social engineering techniques to hide their true identities and motives, and pretend to be a trusted individual or a reliable source of information. The goal is to influence, manipulate or entice users to provide confidential information or access to an organisation. Many social engineering exploits simply rely on the human trait of wanting to be helpful. For example, the attacker may pretend to be a colleague who urgently needs help and, to get it, needs access to extra network resources.
Social engineering is a popular tactic among hackers, because it is often easier to exploit the weaknesses of users than to find a vulnerability in a network or software. Hackers often use social engineering as a first step in a larger campaign to infiltrate a network and steal sensitive data or spread malware.
Why Social Engineering?
Social engineering is one of the most difficult threats to protect against. It targets, by definition, human error and human reasoning. Cyber criminals may work full time to figure out how to mislead people, but employees in an organisation also have other things to do. There is an imbalance in knowledge between digital scammers and their potential victims.
One way to protect employees from this kind of manipulation is through education and training. We offer various types of training to increase awareness. Additionally, we run simulations to let employees experience it. Both motivate a behavioural change, which is necessary to use the human firewall optimally.
During social engineering research, human traits are abused to acquire confidential information or to make employees perform certain actions. This provides insight into the vulnerability level of your organisation with regard to social engineering. It is also a perfect method to test whether the knowledge acquired during training is also being applied in practice. Organisations are often taken aback at how vulnerable they are to this form of crime.
Gain insight into vulnerabilities with a mystery guest and/or a USB drop.
Phishing by phone, also known as vishing, is a targeted attack on your organisation.