Social Engineering Testing Service
The Razorthorn Approach
As of 2020, in 95% of all tests, we have managed to obtain sensitive information employing social engineering techniques.
We will find out how susceptible your employees are to being manipulated or tricked into taking actions or divulging confidential information. Social engineering scams are designed to manipulate a user’s behaviour. The most successful attacks are those where the hacker plays on, and takes advantage of, what motivates the victim’s actions (e.g. fear).
We treat the testing as a real hacker would: before any engagement, we gather as much open source information on your organisation as possible, using the same sources that are open to hackers. During a Social Engineering Test, we perform a wide range of computer-based and phone-based tests, using techniques that real hackers use.
The only difference between a real attack and our social engineering testing service is that testing is done with the explicit written consent of the client and the purpose is to produce a comprehensive report and close down security holes before a real attacker can exploit them.
The Benefits of Social Engineering Testing
- Even with the best IT security, employees can still be tricked into giving out sensitive information.
- We are able to find out if your employees would:
  - Be able to identify scams that look as though they are sent from co-workers or management
  - Be tricked over the phone, for example if an attacker impersonates law enforcement
  - Download attachments or open them – unintentionally spreading ransomware
  - Be aware of the type of threat they may face on a daily basis.
- If your organisation holds any customer information or confidential data, testing can give you peace of mind that employees can’t be tricked into compromising its safety
- A data breach can be costly in terms of fines, but the damage to your organisation’s reputation can be more damaging still
- Proactive security is a lot more cost-effective than reactive security
We recommend that a full audit is completed at least once a year – ideally 2 to 4 times a year. The results should flow into a company Security Policy.
Cyber Awareness Training
We recommend regular user education, which we can also provide in the form of online Cyber Awareness Training.
More About Social Engineering
Want to learn more about why hacks using social engineering are so successful? Or what techniques hackers often use? Check out our blog post.