What is social engineering?
Social engineering describes an attack used by malicious individuals to gain privileged access to confidential information. Atacks are not driven by technological wizardry, but through social interaction. For example, impersonation to obtain a password, or a number of interactions aimed at obtaining sensitive financial information and bank account details.
Why do you need to conduct social engineering tests?
As computer defences become increasingly difficult to bypass, criminals are turning to other means to get the information they want. Picking up the phone to attempt data exfiltration is just as anonymous as using computer hacking tools to exfiltrate data; and criminals can reap rewards for very little effort. It is critical that organisations defend themselves against these sorts of attacks; and by simulating these attacks through a social engineering test, organisations can identify flaws fast and fix them.
- Protect your company’s profits and reputation – by avoiding financial disaster and negative publicity associated with a compromise of your systems by a social engineering attack.
- Peace of mind – that your people are secure; and won’t divulge sensitive company information.
- Gain a competitive advantage – professional social engineering tests are an emerging trend.
- Protection against compliance breaches – and subsequent regulatory fines and potential law suits.
- Evidence to support increased investments – in security awareness training.
- Independent expert assurance – that your social perimter cannot be breached.
Why use 2-sec for social engineering?
It is essential you choose an experienced social engineering partner provider with real-world knowledge that can help. 2-sec is a market leader trusted by hundreds of companies globally. Here’s why:
Fully accredited – We hold a range of accreditations both at a corporate and individual level including CREST , QSA, PA-QSA, Cyber Essentials Plus, IASME Gold, CHECK, CISSP, CISA, CISM, SANS-GIAC and CEH.
Access to a dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout this process so you’ll have direct phone and email contact with your own go-to person.
Bespoke social engineering programme – We will develop a test that suits the business profile of your company no matter how big or small.
High levels of customer satisfaction and retention rates – Many of our clients have been with us since day one.
An industry leading expert in penetration testing – Our highly experienced security consultants have been performing penetration tests, social engineering and security assessments for more than two decades.
Innovative range of testing tools – If an open source or commercial tool doesn’t do the job, we write our own, using an experienced team of application security software developers. Our security testing lab comprises of some of the best security testing tools available.
We communicate clearly – Our mission is to ‘simplify security’ and we will communicate any issues or remediation recommendations in a clear and jargon-free way, understood both by your engineering and senior management teams alike.
Easy to understand reporting – We will provide you a detailed breakdown of all your results in an easily interpretable format.
Transparent proposals – With inclusive pricing so you get no unexpected surprises.
How we work
We follow a four step process:
We will work together to define the parameters and limitations of your social engineering exercise.
We carry out a series of internet, live and site-based tests, incorporating a broad range of attack methodologies.
Confidential debriefing including methods, sources, and step-by-step attack outlines that allow your company to know what you are doing correctly and where improvement is needed.
We will work with you to put together an improvement plan, to take you off the criminal radar with minimal impact on business as usual.