Targeted Awareness Training
Enhance your employees’ ability to identify social engineering attacks.
Review Information Security Policies and Controls
Determine how effective your information security policy is and how controls can be improved to identify and prevent attacks.
Understand Risk
Establish what an attacker could obtain from your business through a successful attack.
A Valuable Component of Wider Penetration Testing
A social engineering assessment is a useful component within a wider testing process that can support red teaming or assumed breach testing.
Why Social Engineering Testing with Bridewell?
By working with Bridewell to complete a social engineering test, you can gain insight into how capable your employees are at recognizing and responding to social engineering and whether your organization's existing policies are effective at stopping these threats. This is fundamental to identifying vulnerabilities and improving procedures that mitigate the risk of attacks such as phishing, impersonation, and relationship building.
Key Challenges Addressed
Social engineering attacks take advantage of people’s natural inclination to help and support others. If organizations aren’t sensitive to this in how they address this form of attack, they can make individuals feel singled out when they were simply trying to be helpful.
This can discourage what are otherwise positive behaviors within the organization (such as responsiveness and collaboration) or disengage people from social engineering awareness or training programs.
To address this, organizations need to minimize risk for the wider business without making people feel like they are being tested or reprimanded. However, organizations may lack the experience to deliver a people-first approach to social engineering training and awareness that ensures people feel fully supported.
How It Works
Our social engineering penetration testing services begin with a detailed scoping session with you to identify key risks and what processes and procedures are currently in place to mitigate them. These processes and procedures should empower your staff to identify and prevent potential social engineering attempts.
Our assessments cover all types of social engineering, whether on or off-site:
- Relationship-Building Attacks - A long-term social engineering attempt that aims to build trust that can later be exploited, often in support of supply channel attacks.
- Baiting/Luring - Physical media devices, often containing malware, are used to lure employees into connecting them to a computer system.
- Physical Intrusion - Posing as an employee or using other social engineering techniques to gain access to the premises and to reach valuable information, plant listeners, or plug in network devices within restricted areas of the target company.
- Impersonation - Posing as an employee to gain access to the premises and to reach valuable information, sometimes in restricted areas of the target company.
Once the assessment is complete, the consultants will provide a detailed report alongside in-person or virtual workshops to help educate and support the organization. These workshops are designed to raise awareness of potential attack types and how they are conducted, and to provide simple steps to help mitigate these risks.