While technical risks are often the primary focus during a security audit or a penetration test, malicious attackers often target employees directly, tricking them into providing passwords or downloading malware.
These attacks, also known as social engineering, can range from simple email phishing to sophisticated campaigns using multiple communication techniques. Yelbridges offers a range of expert-driven social engineering engagements for testing both employees and technical controls, using techniques such as traditional spearphishing attacks, vishing (voice calls), on-site assessment using some advanced pentesting tools from Hak5, or attempting access into the physical building. We have trained experts ready to test all your security controls using both unconventional and conventional methods.
ASSESS EMPLOYEE SUSCEPTIBILITY
Our team conducts reconnaissance on staff to determine how much information critical to the organization they can divulge. This involves one-on-one social engineering engagements with the staff as well as technical engagements. The exercise also checks whether the staff can aid in authorizing access to business-critical data and infrastructure.
PHISHING, VISHING & SPEARPHISHING TESTS
Through both traditional methods (phishing, spearphishing) and other techniques such as vishing and one-on-one social engineering engagements, our team tests users' awareness of cyber security matters through technical engagements to see whether they verify or follow through on the organization's set policy guidelines.
ASSESS TECHNICAL CONTROLS
The conventional method of pentesting or security auditing focuses on checking for risks and vulnerabilities that exist on systems. However, attackers are getting smarter and are abusing the business logic of applications as an authorized entity. To test this, the team checks whether there is application business logic that can be abused.
ASSESS REMOTE SITES SUSCEPTIBILITY
As organizations have grown, they have opened remote sites that allow staff to continue working away from the HQ. This has created a weaker link in most organizations, as attention is on the HQ, leaving the branches vulnerable. The SE assessment quantifies the risks from the remote sites so that organizations can pay attention to the high-risk branches.
PHYSICAL SECURITY ASSESSMENT
CCTV cameras are in every part of many organizations, together with physical access control mechanisms such as locks and security guards. But how vigilant are the guards to attackers carrying computers? How often are CCTVs reviewed to identify suspicious activities? How good are the locking mechanisms?