Social Engineering

Social engineering is the use of deception or impersonation to gain unauthorised access to sensitive information or facilities. Unfortunately people are often the weakest link in an organisation's security, many of the good qualities we look for in human behaviour are the very same ones that can lead to compromise.

Risk management functions now recognise the need to consider the human factors in Information Security and many attackers are now actively engaged in hacking the human as this is a softer target than the technology now in many instances.

Although people have become more familiar with the term "social engineering" in recent years, this doesn't unfortunately mean that there are fewer successful social engineering attacks. In fact, the use of deception or impersonation to gain unauthorised access to sensitive information or facilities is increasing rapidly.

As computer security is becoming more sophisticated, attackers are combining their technical expertise with social engineering techniques to gain access to sensitive information or valuable resources within organisations.

We offer a full range of social engineering services and training. We can assess the vulnerability of your facilities to physical compromise, test your physical defences, and evaluate how susceptible your staff are to remote social engineering and phishing attacks allowing you to gauge how effective your security awareness training is.

We can train your staff in defensive techniques and educate them to the dangers of social engineering, which is particularly useful for executive’s personal assistants, receptionists, help desk and call centre operatives.

For those wishing to be educated themselves to test their own organisations we also offer an offensive course that teaches the techniques and methodology used to successfully gain unauthorised access to buildings and information, with a strong emphasis on the legal and ethical considerations associated with such knowledge.