Frontline Social Test creates conditions and scenarios that lure personnel into engagement – just as if driven by a crafty cyber attacker. Social engineering tactics and techniques can include phishing calls, targeted emails, and more. Findings are used to educate employees on how to become more astute at discerning legitimate human engagement from trickery.
Social Engineering
Frontline Social Test
Social engineering is a type of cyber security attack that uses social engagement deception to convince individuals to provide confidential or otherwise valuable information to cyber criminals.
The Issue
Social engineering is one of the key ways attackers can gain access to or information about your organization. People are the weakest link in the daily management of network security. To mitigate this, Digital Defense offers an examination into the security awareness and practices of your employees and suppliers through Frontline Social Test™.
The Solution
Digital Defense offers several Social Test options, depending on your organization’s needs, preferences, and resources. Phone Based, Vishing, Web Based, Email Based, USB Drops, Physical Access, and Info Gathering.
Click here to edit.
Remote Social Engineering
Remote Social Engineering is ideally performed on a semi-annual basis to provide an accurate representation of your employees’ security awareness. It includes a wide range of attacks, each specially designed to give important information on employee reactions.
Email Phishing
We will send employees targeted emails with an action request for the user to reply back to the message with information (i.e. phishing). Data is then captured and analyzed for sensitivity
Phone Phishing
We will place calls to internal staff members and, upon request, to your suppliers to assess their security awareness. We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.
Web Phishing
We will send emails with an action request for the user to visit a website which is designed to elicit sensitive information (i.e. phishing). This method involves creating a custom website which looks and feels like your intranet or public site and then capturing the input provided.
Vishing
We will send targeted emails with an action request for the user to call a local number for more information. We specifically attempt to obtain information that could be used to gain unauthorized or falsely authorized access to your network resources or data.
USB Drops
We will load USB drives with custom software that, when inserted into a computer, will auto run and transmit the username, hostname, and IP address in a secure fashion back to us. The intent is to determine how susceptible staff are to opening these USB drives.
Onsite Social Engineering
Onsite Social Engineering is ideally performed annually to provide an accurate and more thorough representation of your employees’ security awareness. Digital Defense uses several on‐site testing methods, including:
- Attempts to gain physical access to the premises
- Obtaining records, files, equipment, sensitive information, network access, etc.
- Attempts to garner information to permit unauthorized network access
With both forms of testing, Digital Defense provides a detailed report with all methods employed and weaknesses discovered.
Results
Many benefits to clients can be gleaned from Frontline Social Test, such as:
- Identification of gaps in security policies and personnel awareness
- Balancing of investments in security technology versus personnel training
- Identification of the absence of necessary physical safeguards
Digital Defense will provide a formal softcopy report of all evaluation findings, which can be used for internal review, planning purposes, and regulatory examinations.
Our social engineering testing solutions support organizations in achieving compliance with the following regulatory guidelines:
- GLBA
- NCUA
- HIPAA
- SARBOX
Don't be apart of the next security breach
Sign up for a no obligations Cybersecurity Audit & Software Trial
-
Outside/In approach
-
Pen Tests & Assessments
-
Once inside the organization implement some/all of the following:
-
Firewall
-
IDS/SPS (Either on FW or separate device)
-
AV
-
SIEM Solution
-
Filters (Various - Web, Content, SPAM, etc.)
Enterprise Security Monitoring for the Financial Industry
Why, in 2014, does it seem that companies started falling victim to hackers left and right? These were not ordinary companies but major retailers to banking institutions all with large security budgets intended to maintain our financial security.
Contact ATI
Want to get a quote, audit, or learn more about Social Engineering? Dont hesitate to fill out the form below.
Not Ready to Buy? Teach Me Till I'm Ready.
Not an urgent need, but would still like to learn more for future initiatives? No problem. Click the “Learn More” link below to sign up for periodical whitepapers, case study’s, infographics, and videos. on the product of your choice.