A network is only as secure as its weakest link, which in many cases is the human component. An organization’s employees are frequently a target for attackers because they can accidentally open the door for an intruder when no other means of direct compromise exists. A social engineering test allows you to understand your employees’ degree of awareness towards these threats and evaluate where education and training programs may be enhanced.
This area is a personal favorite, allowing us to exercise creative concepts in efforts to obtain information that could lead to a compromise of your network by an intruder. Procedures are conducted to gather information and attempt to compromise the organization’s network by gaining user credentials from employees or tricking employees into running pseudo-malicious code.
Click here to view our blog post containing a narrative of an actual social engineering test conducted by IS Audits.