Social engineering is a type of cyber security attack that uses social engagement deception to convince individuals to provide confidential or otherwise valuable information to cyber criminals.
Frontline Social Test creates conditions and scenarios that lure personnel into engagement – just as if driven by a crafty cyber attacker. Social engineering tactics and techniques can include phishing calls, targeted emails, and more. Findings are used to educate employees on how to become more astute at discerning legitimate human engagement from trickery.
The Issue
Social engineering is one of the key ways attackers can gain access to or information about your organization. People are the weakest link in the daily management of network security. To mitigate this, Digital Defense offers an examination into the security awareness and practices of your employees and suppliers through Frontline Social Test™.
The Solution
Digital Defense offers several Social Test options, depending on your organization’s needs, preferences, and resources.
Remote Social Engineering Test
Remote Social Engineering is ideally performed on a semi-annual basis to provide an accurate representation of your employees’ security awareness. It includes a wide range of attacks, each specially designed to give important information on employee reactions.
There are several options for remote social engineering:
Option 1: Phone-based Phishing
Digital Defense will place calls to your internal staff members and, upon request, to your suppliers to assess their security awareness. We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.
Option 2: Vishing
Digital Defense will send targeted emails with an action request for the user to call a local number for more information. Digital Defense answers the call and conducts social engineering (i.e. “vishing”). We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.
Option 3: Web-based Phishing
Digital Defense will send targeted emails with an action request for the user to visit a website which is designed to elicit sensitive information (i.e. phishing). This method involves creating a custom website which looks and feels like your intranet or public site and then capturing the input provided.
Option 4: Email-based Phishing
Digital Defense will send employees targeted emails with an action request for the user to reply back to the message with information (i.e. phishing). Data is then captured and analyzed for sensitivity
USB Drops (physical initiation and remote analysis)
Digital Defense will obtain USB drives and load them with custom-developed software that, when inserted into a computer, will auto run and transmit the username, hostname, and IP address in a secure fashion to Digital Defense. The intent is to determine how susceptible staff are to opening these USB drives. Digital Defense will report on the number of incidents of users running this software, the associated user name, system name, and IP address.
Onsite Social Engineering
Onsite Social Engineering is ideally performed annually to provide an accurate and more thorough representation of your employees’ security awareness.
Digital Defense uses several on‐site testing methods, including:
- Attempts to gain physical access to the premises
- Obtaining records, files, equipment, sensitive information, network access, etc.
- Attempts to garner information to permit unauthorized network access
Result Are Key
Many benefits to clients can be gleaned from Frontline Social Test, such as:
- Identification of gaps in security policies and personnel awareness
- Balancing of investments in security technology versus personnel training
- Identification of the absence of necessary physical safeguards
Our social engineering testing solutions support organizations in achieving compliance with the following regulatory guidelines:
- GLBA
- NCUA
- HIPAA
- SOX
Cybersecurity Reporting
With both forms of testing, Digital Defense will provide a formal softcopy report of all evaluation findings, which can be used for internal review, planning purposes, and regulatory examinations.
Tips for Preventing Social Engineering
Hackers get more sophisticated each day. You can guard against a social engineering attack through diligence and education of your staff.
Here are a few tips:
Social platforms like Facebook, LinkedIn and Twitter are a treasure trove of personal and corporate information. Using these sites, a social engineer can gain knowledge that can be used to plan and launch an attack against an individual or an entire company. Employees should be made aware of company social media policies and divulging information that could open the door for a social engineer.
Social Engineers employ a method referred to as piggybacking or tailgating – following closely behind a legitimate or authorized employee to gain physical entry into a restricted area or pass a security checkpoint. Employees should be educated on procedures to validate the credentials of those requesting access on premise to a work location and within the premise to areas housing sensitive information.
Phishing is a popular form of social engineering. For instance, a hackers may craft an email that appears to be from an internal source requesting the recipient take action by clicking on a link that subsequently introduces malware into the organization. Be wary of email messages from unknown recipients and don’t click on links without proper validation of the source.
Get a Quote
Learn how you can leverage Digital Defense solutions to reduce your attack surface. Contact us today.
Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners. | Privacy Policy | Cookie Policy | Sitemap