Is everyone familiar with social engineering testing? It’s a test of the natural tendency of a person to trust another person’s word, rather than exploiting actual computer security holes.
Users are generally the “weakest link” in an organization’s security. Social engineering tests the effectiveness of an organization’s policies as well as employee security awareness.
Testing can be done on-site or remote. On-site testing usually has its share of funny stories. This is a good test of the organization’s physical security, check-in policies, badging, escorting, etc. Usually a “get out of jail free” card is issued the tester(s) in case authorities are summoned. Not a bad thing – it means the security-aware employee was doing their job.
Remote testing can involve telephone, carefully crafted email messages, fake websites, etc. All in an attempt to coerce the organization’s employees into revealing sensitive information or granting unauthorized access, in violation of established policies.
There’s a bit of pre-work involved:
- Information collection, such as names of key IT staff members, credentials, system information, location of systems or data, etc. using public sources
- Sometimes entire websites are built to resemble the organization’s website or a site that the testers will be trying to engage the employees to visit
- Crafting convincing email(s) and/or scripts
The testing can be performed blind (with no previous knowledge or assistance) or in a collaborative manner with the project sponsors.
Nancy Sykora
Sr. Account Executive
Enhance your security strategy to address your changing working environment and risk profile due to COVID-19. HALOCK is a trusted cyber security consulting firm and penetration testing company headquartered in Schaumburg, IL in the Chicago area servicing clients throughout the United States on reasonable security strategies.
 |  |
 |  |
 |  |
© 2024 Halock. All rights reserved.
Privacy Policy Terms of Use Site Map
Schaumburg, IL 60173