An Explanation Of What A Social Engineering Exercise Is
Social Engineering is one of the most valuable tools available to the Information Security Specialists here at Ezentria when it comes to determining the exact nature and security level of your vital information during the course of a normal work day. Rather than a traditional Information Security Assessment, this type of testing method is designed to assess the level of training and knowledge your employees possess when it comes to ensuring the security of your vital information and data.
By definition, Social Engineering is a type of confidence trick involving the psychological manipulation of a company’s employees into divulging sensitive information, or the credentials necessary for the con artist to access it themselves remotely. Most cons of this type center around the con artist making an employee of a company think that they are either an employee themselves, or a representative of a vendor.
By establishing this facade, it is often surprising what they can learn from unsuspecting employees! In fact, one noteworthy former social engineer, Kevin Mitnick, once stated that it was easier to use the principles of social engineering to convince an employee to give him the password to a vital information system than it was to spend the effort to hack past its defenses.
The Many Benefits Of Holding A Social Engineering Exercise
A Social Engineering Exercise is where an Information Security Specialist from Ezentria takes on the role of a social engineer and attempts to infiltrate your company and manipulate your employees into willingly giving them either some form of sensitive data, or the log-in credentials necessary to access such information. The goal is to assess the level of training and security awareness present within the employees of a company. After all, even the most well-constructed Security Policy is nothing but wasted paper if employees do not follow its guidelines. At the end of this exercise, you will know whether your employees are properly trained at how to protect sensitive information.
Alternatively, as a provider of Information Security Services, Ezentria can also advise of how to utilize a Social Engineering Exercise as a means of reinforcing positive information security behaviors, rather than auditing against poor standards. Let us know which type of exercise you are interested in, and we will make it happen.