Let’s check your defenses and put the ‘human error’ to the test
We create awareness among your employees so they deal more consciously with security matters. There are still a lot of human errors that can be avoided, e.g. clicking on unsecure links, social engineering… No matter how strong your technical defenses are, one human mistake could mean: game over!
Social engineering
People have a natural tendency to avoid confrontation. Consequently, gaining access to a secure facility is often as easy as following someone through a door.
During a physical social engineering assessment, the objective is to determine whether an attacker can (quickly) gain physical access to an organization’s premises, capture sensitive information, and access internal systems. Afterwards, advice is provided on how to counter these types of attacks best.
Vishing
Vishing is a hyper-personalized phishing attack via phone calls to extract or plant valuable information during onsite visits.
For example: one of our employees will call the helpdesk and impersonate an employee in an attempt to retrieve a password reset and gain access to the account. Or vice versa where we call employees and pretend to be the companies helpdesk and retrieve sensitive/personal information.
USB drop
A USB drop exercise is intended to test the maturity level and increase the awareness amongst employees about the dangers of USB devices.
We will prepare multiple USB devices that, once plugged in, perform a callback to our servers and scatter them around at you premises. Afterwards we can provide statistics about the amount of devices that were plugged in, timeframe, etc. These exercises are often combined with physical social engineering attempts.