T-Plaza, 4th Floor, Thika, Kenya
+254 703 412 771

Social Engineering Assessment

Do Your Business, We Secure

PEOPLE & PROCESSES

For every organization, people and process form the most important part of the success or failure of the orgniaztion. If Security awareness to the people and proper scrutiny of the processes is not done, then risks are bound to be found. 

INFORMATION TECHNOLOGY

Technology is the driving force to any organization and thus assessment of the technology is key to esnure it meets the busniess objectives. The technology should maintain the C.I.A (Confidentiality, Availability & Integrity) triad to the business. 

PHYSICAL SECURITY

As the organizations have grown, they have also invested huge on physical ammenities such as buildings and put security controls like CCTVs, Guards and locks. This security controls allows only authorized personel in to the buildings. But cyber attackers are still compromising.

Assessment Methodology

While technical risks are often the primary focus during a security audit or a penetration test, many times malicious attackers target employees directly tricking them into providing passwords or downloading malware. 
These attacks – Also known as SOCIAL ENGINEERING – can range from simple email phishing to sophisticated campaigns using multiple communication techniques. Yelbridges offers a range of expert-driven social engineering engagements for testing both employees and technical controls using various techniques such as traditional spearphishing attacks, Vishing (Voice calls), on-site assesment using some advanced Pentesting tools from Hak5 or attepting access into the physical building. We have trained experts ready to test all your security controls in unconventional and conventional methods. 

Assessment Types

ASSESS EMPLOYEE SUSCEPTIBILITY

Our team conducts Recon on staff to determine the amount of information they can divulge critical to the organization. This involves one-on-one Social Engineering engagements with the staff as well as technical. The exercise also checks if the staff can aid in authorizing access to business critical data and infrastructure. 

PHISHING, VISHING & SPEARPHISHING TESTS

Through both traditional methods – Phishing, spearphishing – and other techniques such as Vishing, one-on-one S.E engagements etc, our team tests the user awareness level on matters cyber security through technical engagements to see if they verify or follow through the organizations set policy guidelines. 

ASSESS TECHNICAL CONTROLS

The convectional method of pentesting or security audits fall on checking for risks and vulnerabilities existent on systems. However, attackers are getting smarter and are abusing the business logic of applications as an authorized entity. To test this, the team checks if there are applications business logics that can be abused. 

ASSESS REMOTE SITES SUSCEPTIBILITY

The growth of organization have seen them open remote sites that facilitate staff to continue working away from the HQ, this has created a weaker link in most organizations as attention is on the HQ leaving the branches vulnerable. The SE assessments quantifies the risks from the remote sites for organizations to pay attention to the high risk branches. 

PHYSICAL SECURITY ASSESSMENT

CCTV cameras are in every part of many organizations together with physical access control mechanisms such as locks and security guards. But how vigilant are the guards to attckers carrying computers? how often are CCTVs reviewed to identify suspecious activities? How good are the locking mechanisms? 

Choose your plan

As a start, lets scale on how the social engineering assessment can be done, choose from our flexible plans and get a report on how GOOD or EXPOSED your organization is. 

premium

Kes 650,000

  • Asssess HQ
  • Cover 70% of branches
  • All 5 types included
  • Report in 42 business days
Get Started
×

Powered by WhatsApp Chat

× WhatsApp Us...