A social engineering assessment is designed to test if an attacker can mislead employees to obtain physical access into your organization and/or compromise their workstation to secure access into your internal network. Prior to beginning the social engineering assessment, we will work with your organization to develop goals for the assessment.
- Target Curation – Compile a list of employees from your organization and will gather as much information as possible including methods of contact.
- Scenario Development – Perform open source intelligence gathering (OSINT) and identify recent news stories, policies or programs within your organization, or any other information to create a social engineering scenario that would entice your employees to carry out an action we request
- The Test – FortyNorth Security can carry out the social engineering assessment via a variety of methods:
- E-Mail based social engineering
- Phone call based social engineering
A social engineering assessment enables organizations to assess if employees could provide unintended access to an attacker and identify the level of risk that it would expose. Social engineering assessments will also allow your organization to test the security procedures you’ve implemented to protect your assets and employees against an attacker attempting to thwart your defenses.