Social Engineering in the field of IT is the practise of exploiting social interactions with personnel to obtain privileged information about an IT environment. This information could be anything from obtaining passwords to finding out which personnel have the required security clearance to access certain areas, and has been used by countless attackers to circumvent components of even the most sophisticated information systems. Companies continue to protect themselves through an emphasis on advanced IT security systems, and while this is good, the threat of social engineering is often forgotten.
Beside than the fact that Information Systems are becoming increasingly complex, one of the key reasons that Social Engineering is so heavily utilized is its low cost to benefit ratio. It can be much faster to simply pick up a phone, pretend to be someone else and ask for a password than it would be to scour source code for any small weakness in IT systems.
Targeted individuals do not usually suspect that they are or could be a victim of social engineering, yet the impact of divulging even small, seemingly meaningless pieces of information can be disastrous. This data can be accumulated and used to assume identities of employees and fish for even more valuable information by phone and email, gain access to buildings and restricted areas, plant rogue network devices and continuously monitor data traffic.
SMT’s Social Engineering is a vital element of a complete penetration test. Once the scope of the testing and accompanying success criteria’s have been determined, our experts will perform any number of social engineering tactics to try and gain access to defined in-scope systems.
SMT will only perform these tests in areas that have been agreed upon contractually. Any in-scope data extracted or handled during the process will be securely deleted.
To ensure that your systems are not only technologically sophisticated but are also secured against social exploitation, contact us and find what needs to be done to pinpoint your greatest organisational security vulnerabilities.