Sociotechnical test (PHISHING)

This type of penetration testing is carried out using social engineering methods. The main purpose of the test is to identify the level of awareness of the customer’s personnel about information security requirements. During the testing process, the reaction of users and information security personnel to organizational penetration methods used by attackers is tested.

Social engineering methods are often used by attackers and are usually aimed at end users. As a result of a successful attack, an attacker can gain control of workstations, obtain confidential customer documents, use customer resources to organize attacks on the systems of other companies, send spam, etc.

Organizational aspects of information security are the most important component of the protection system and, often, ordinary users are the weakest link. This service will allow us to identify those organizational aspects of information security that the customer should pay attention to first.

The results obtained during this service can become the basis for developing a Security Awareness Program, with enhanced focus on the problem areas identified during testing. This service is also used to test the effectiveness of an existing Customer Awareness Program.

In general, the order of work is as follows:

  • Social engineering methods that will be used to conduct the test are agreed upon with the customer in advance. The following methods can be used:
      • Distribution of email/IM messages on behalf of anonymous users and customer employees that contain links to web resources with executable code, executable code in the body of the message, or a request to change passwords, share passwords or personal information, etc.
      • Spot check of the implementation of the “clean desk” policy (sticky notes with passwords, consoles left unlocked in the absence of the user, confidential documents in the office accessible to visitors, cell phones and PDAs left unattended).
      • Calls to users on behalf of IT and information security personnel with requests to obtain/change passwords, send confidential documents, etc.
  • Identifying user groups to be targeted and tailoring testing methods for each group.
  • Analysis and consolidation of the results of various tests.

The result of the work will be a report containing:

  • Conclusions for management, containing an overall assessment of the level of user awareness.
  • Test procedure.
  • List of key problem areas (including information on all user activities in each target group).
  • Recommendations for eliminating identified vulnerabilities.

Our Services

Our company provides the following services:

Consulting and support

Primary technological and basic checks in the field of information security. Inspection of the network architecture, security systems, access rights. Construction of a risk map.

Penetration Tests

This test identifies existing vulnerabilities in the infrastructure in order to formulate recommendations for their elimination.
 

Phishing Security Test

Testing using social engineering methods. The purpose of the test is to identify the staff’s level of awareness of cyber security threats.
 

Cyber training and practice

Lectures and trainings on staff awareness of information security threats, as well as trainings on secure development for programmers.
 

Information Security Audit

Checking the security of the company according to the protocol. The purpose of the audit is to show in which areas of information security there are shortcomings and how to correct them.

Incident Investigation

When a cyber incident occurs, it is important to understand exactly what happened and how, and to address the causes and gaps in the firm's information security.

About us in numbers

Since 2010, we have done a lot of work. This includes penetration tests and security audits, risk management, incident investigations, as well as consultations and solution design.
