WHAT IS SOCIAL ENGINEERING?
Social engineering is the manipulation of your employees in an attempt to gain access to sensitive information, systems or buildings. People are an essential and often overlooked component of a security system and can be the weakest link in the security solution of any organization.
Social engineering tests are designed to assess your physical and procedural security, as well as your employees’ security awareness and their susceptibility to falling victim to manipulation attempts.
A social engineering assessment typically consists of two phases: reconnaissance to build an understanding of the organization and the potential attack surface, and attack execution. Context’s consultants use their extensive experience in red team operations and social engineering to design effective campaigns, capable of delivering customized methodology and attack plans specific to each client.
SOME POTENTIAL ATTACK VECTORS THAT MAY BE USED DURING A SOCIAL ENGINEERING ATTACK INCLUDE:
- Phishing
- Pretexting
- Vishing
- Smishing
- Physical security assessment
- USB drops
- Custom scenarios
Context’s social engineering exercises allow you to:
- Identify risks and exploit weaknesses in your physical and cyber defenses
- Mimic real world attacker TTPs to attempt to compromise your organization
- Utilize a multi-layered attack approach for maximum impact
Download our social engineering whitepaper for more information: