Our expert staff is standing by to answer your questions

Social Engineering Assessments

A social engineering assessment is a simulated test which aims to measure the information security awareness levels of an organization’s personnel by exploiting its employees natural humanly tendencies of trust, friendliness, pre-conceived assumptions, authoritative biases, emotional needs, among others. In Social engineering tests, the assessment team attempts to make direct contact with targets, either by telephone or in person or sometimes even through physical access of restricted areas within the organization.

The assessment uses psychological manipulation to deceive people into performing adverse actions like clicking on fabricated links, opening malicious attachments, sharing personal details and divulging confidential information about the organization. During the test, the social engineering team develops user-context specific pretexts that are familiar to targeted employees, and then uses their trust to lure them into taking unwarranted actions. Such tests often completely bypass technical security controls.

The ultimate impact of a real-world social engineering includes complete compromise of organization including business data, employee information, emails, credentials, source code, customer data, etc.

Our Coverage

The GRC360 Social Engineering services assist our customers in assessing the ability of the organisation’s systems and personnel to detect and respond to targeted social engineering attacks. The assessment is planned in close coordination with the customer point of contact to ensure that the testing is performed in a controlled manner. By simulating the tactics, techniques and procedures (TTP’s) used by adversaries, our comprehensive assessments aim to review the technical/process/people controls implemented within the organization. The outcomes from such assessments include:

  • Identify employee-behavioural risks that may lead to sensitive information leakage
  • Gain an understanding of the organization’s digital footprint and information exposure in public domain
  • Understand effectiveness levels of technical controls to detect and respond to such attacks
  • Highlighting weaknesses in employee cyber security awareness
  • Recommend context-specific solutions to improve human behaviour and sensitivity towards cyber security

The various types of social engineering services that we provide, include:

  • Spear Phishing – by using a generic or targeted email campaign
  • Voice Phishing – by using a targeted Phone-based social engineering campaign
  • SMS Phishing – by using a targeted SMS-based social engineering campaign
  • Tailgating – by following employees to access restricted areas.
  • Chat Phishing – by using social engineering through popular messaging/chat services
  • Physical bypass – by using techniques to gain physical entry

Our Methodology

The flow of our social engineering assessment is as follows:

  • Information gathering and OSINT
  • Target profiling and finalizing Attack mode
  • Launching the test
  • Analysis of test results
  • Reporting

Our Benchmarks

Based on the requirements of our customers, our social engineering assessments are designed to meet user awareness evaluation and training requirements of benchmarks such as:

  • ISO 27001:2013
  • Cyber Security Guidelines from Regulatory Authorities

Why Choose us?

  • Rich experience of conducting social engineering assessments across large organizations across industry verticals including BFSI, Healthcare, Information Technology, logistics, shipping, Aviation, etc
  • Highly trained and experienced social engineering experts who provide a customized experience to each customer
  • Comprehensive reports that help our customers to have an in-depth understanding of test results along with business impacts
  • Vast experience of our experts in designing long-term awareness campaigns to enhance information security culture within the organization.