Social Engineering Testing
Social Engineering Testing determines how easy it is for a malicious hacker to gain access to your critical information by targeting the human element of your security.
Breaches of information security often comprise more than technical IT security failures, with research showing that almost half of all security breaches have a social engineering element alongside technical means.
We can combine Social Engineering Testing with other forms of testing, for example a Penetration Test, to gain a comprehensive overview of both the human and the technical weaknesses within your organisation.
Bespoke Testing Scenarios
ECSC's Social Engineering Testing is led by Ian Mann, author of Hacking the Human, whose extensive experience in the field has enabled him to pioneer new approaches to social engineering testing, including the ECSC model of risk assessment, personalised attack vectors, and an in-depth results analysis.
We can take into account in-house training received by employees, company social media and email usage, use targeted phishing, and also measure the effectiveness of incident handling.
All our social engineering testing scenarios are bespoke, utilising a mix of remote and on-site testing to research, reveal, and review vulnerabilities and risks that you may not be aware of, and to test the effectiveness of any existing controls.
Once vulnerabilities are identified, we can help you quickly develop effective countermeasures that are proportionate to your level of likely risk in that area. While a degree of human vulnerability will likely always remain, even after extensive training, systemic improvements can be implemented to create a barrier around the human vulnerabilities in your systems and decrease your exposure to risk. In addition, we can provide training to your staff to raise awareness of social engineering attacks and teach them how to react appropriately.