Targeted Awareness Training
Enhance your employees’ ability to identify social engineering attacks.
Review Information Security Policies and Controls
Determine how effective your information security policy is and how controls can be improved to identify and prevent attacks.
Establish what an attacker could obtain from your business through a successful attack.
A Valuable Component of Wider Penetration Testing
A social engineering assessment is a useful component within a wider testing process that can support red teaming of assumed breach testing.
Key Challenges Addressed
Social engineering attacks take advantage of people’s natural inclination to help and support others. If organisations aren’t sensitive to this in how they address this form of attack, they can make individuals feel singled out when they were simply trying to be helpful.
This can discourage what are otherwise positive behaviours within the organisation (such as responsiveness and collaboration) or disengage people from social engineering awareness or training programs.
To address this, organisations need to minimise risk for the wider business without making people feel like they are being tested or reprimanded. However, organisations may lack the experience to deliver a people-first approach to social engineering training and awareness that ensures people feel fully supported.
How It Works
Our social engineering penetration testing services begin with a detailed scoping session with you to identify key risks and what processes and procedures are currently in place to mitigate them. These processes and procedures should empower your staff to identify and prevent potential social engineering attempts.
Relationship-Building Attacks - A long-term social engineering attempt that aims to build trust that can later be exploited, often in support of supply channel attacks.
Baiting/ Luring - Physical media devices can are used to lure employees into connecting it to a computer system, often containing malware.
Physical Intrusion - Disguising as an employee or employing other social engineering techniques to get access to the premises and to reach valuable information, plant listeners, plug in network devices within restricted areas of the target company.
Impersonation - Disguising as an employee to get access to the premises and to reach valuable information, sometimes in restricted areas of the target company.
Once the assessment is complete the consultants will provide a detailed report alongside in- person or virtual workshops to help educate and support the organisation. These workshops are designed to raise awareness around potential attack types and how they are conducted and provide simple steps to help mitigate these risks.
Our assessments cover all types of social engineering, whether on or off-site:
Once the assessment is complete the consultants will provide a detailed report alongside in- person or virtual workshops to help educate and support the organisation.
These workshops are designed to raise awareness around potential attack types and how they are conducted and provide simple steps to help mitigate these risks.
Ready to Take the Next Step?
We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.