PEOPLE & PROCESSES
For every organization, people and processes form the most important part of the success or failure of the organization. If security awareness is not provided to the people and the processes are not properly scrutinized, then risks are bound to be found.
INFORMATION TECHNOLOGY
Technology is the driving force of any organization, and thus assessment of the technology is key to ensure it meets the business objectives. The technology should maintain the C.I.A (Confidentiality, Availability & Integrity) triad for the business.
PHYSICAL SECURITY
As organizations have grown, they have also invested heavily in physical amenities such as buildings and put in place security controls like CCTVs, guards and locks. These security controls allow only authorized personnel into the buildings. But cyber attackers are still compromising.
Assessment Methodology
While technical risks are often the primary focus during a security audit or a penetration test, malicious attackers many times target employees directly, tricking them into providing passwords or downloading malware.
These attacks – also known as SOCIAL ENGINEERING – can range from simple email phishing to sophisticated campaigns using multiple communication techniques. Yelbridges offers a range of expert-driven social engineering engagements for testing both employees and technical controls using various techniques such as traditional spearphishing attacks, vishing (voice calls), on-site assessment using some advanced pentesting tools from Hak5, or attempting access into the physical building. We have trained experts ready to test all your security controls in unconventional and conventional methods.
Assessment Types
ASSESS EMPLOYEE SUSCEPTIBILITY
Our team conducts recon on staff to determine the amount of information critical to the organization that they can divulge. This involves one-on-one social engineering engagements with the staff as well as technical ones. The exercise also checks whether the staff can aid in authorizing access to business-critical data and infrastructure.
PHISHING, VISHING & SPEARPHISHING TESTS
Through both traditional methods – phishing, spearphishing – and other techniques such as vishing, one-on-one S.E engagements, etc., our team tests the users' awareness level on matters of cyber security through technical engagements to see if they verify or follow through on the organization's set policy guidelines.
ASSESS TECHNICAL CONTROLS
The conventional method of pentesting or security audits focuses on checking for risks and vulnerabilities existing on systems. However, attackers are getting smarter and are abusing the business logic of applications as an authorized entity. To test this, the team checks whether there is application business logic that can be abused.
ASSESS REMOTE SITES SUSCEPTIBILITY
The growth of organizations has seen them open remote sites that allow staff to continue working away from the HQ. This has created a weaker link in most organizations, as attention is on the HQ, leaving the branches vulnerable. The SE assessment quantifies the risks from the remote sites so that organizations can pay attention to the high-risk branches.
PHYSICAL SECURITY ASSESSMENT
CCTV cameras are in every part of many organizations, together with physical access control mechanisms such as locks and security guards. But how vigilant are the guards to attackers carrying computers? How often are CCTVs reviewed to identify suspicious activities? How good are the locking mechanisms?
Choose your plan
As a start, let's scale how the social engineering assessment can be done. Choose from our flexible plans and get a report on how GOOD or EXPOSED your organization is.
premium
Kes 650,000
- Assess HQ
- Cover 70% of branches
- All 5 types included
- Report in 42 business days