While news of the latest cyber-attack are headlines in the security world, it has been revealed that the biggest threats to a company’s security lies much closer to home with their employees. While employees don’t necessarily have to be malicious to put the company at risk, they may not understand the security risks associated with their behavior and their role in protecting business critical information.
Social engineering has become one of the prevalent attack methods in use today, and social engineering test assessments are now a must for organizations to understand the real-world threats to their business. These assessments can help identify the potential holes in the “human network” to prevent information breaches and to strengthen the company’s security and compliance posture.
Employees represent a possible weak link in security for many organizations. The Social Engineering Test Assessment is designed to complement Ingram Micro’s Network Penetration Test and Web Application Vulnerability Assessment by attempting to convince your employees to divulge sensitive information through the use of emails and phone call scripts customized to your company.
The assessment can help your clients establish the current state of security awareness among their personnel as well as determine gaps in policy, procedure, enforcement and security awareness training.
The security tests performed during the assessment include a mix of automated and manual tests in conjunction with customized scripts that address:
- Telephone Impersonation – Experts will contact a designated list of employees with a script intended to persuade them to give credentials or other sensitive information.
- Email Phishing – Emails are sent to designated employees in order to persuade them to perform an action like clicking on a link within the email or to provide sensitive information over the email.
At the conclusion of the assessment, a final report that details the number of employees who were convinced to provide sensitive information or click an unknown email link will be provided along with recommendations for the clients to educate their employees about safer behaviors. A discount towards Ingram Micro’s CyberSAFE 1/2-day employee training program will be made available.
- Build an expanded security practice with additional security assessment offerings
- Build “trusted advisor” relationship with customer by identifying risks before it becomes a problem
- Unbiased, third-party assistance designed to achieve the best possible outcome for the customer
- Increased margins through an expanded services portfolio
- The average consolidated total cost of a data breach is $3.8 million, representing a 23 percent increase since 2013.
Ponemon Institute’s 2015 Global Cost of Data Breach Study
- Employees are the most cited-culprits of security incidents.
The Global State of Security Survey® in 2016
- User’s careless behavior when using the internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure.
Cisco 2015 Annual Security Report
- Identify potential weak points so that the organization can improve their policies minimizing the impact on the business.
- Measure the effectiveness of employee security awareness.
- Gain understanding of real-world risks to the organization from the perspective of an attacker, going beyond the limitations of automated scanning.
- Employees develop an enhanced level of awareness and diligence in protecting business-critical information.