Social Engineering Assessment

Social Engineering continues to be a leading cause of cybersecurity incidents that results in data breaches, business operations disruptions, as well as ransomware and other malware payloads being deployed and detonated. Simply put, the human factor, company employees and other personnel, must be aware and regularly trained on cybersecurity social engineering tactics, techniques, and procedures. Additionally, organizations must implement relevant and updated training for their personnel, as well as implement security solutions that can help prevent or thwart social engineering attacks.

​

Polito Advantage for Social Engineering Assessments:

1. Tailored Approach and Reconnaissance:  Unlike other social engineering services that send generic phishing emails to targets, our team performs reconnaissance on target companies in order to tailor our social engineering efforts to their industry and relevant news. Our team also regularly performs targeted phishing and vishing assessments, where additional emphasis and effort is placed on performing reconnaissance for specific personnel of an organization. For example, our team can perform Spearphishing to target specific personnel and Whaling to target high value personnel, such as the company COO, board members, human resources executives, and more.
    

2. Variety of Social Engineering Services Offered:  Depending on the size of the organization or desired target list provided and client requirements, our team of expert cybersecurity consultant will recommend one or several social engineering services, including:

   • Phishing - sending malicious emails to targets purporting to be from a reputable source to have them perform an action, such as downloading malware, providing credentials, providing confidential information, and more.

   • Spearphishing - similar to Phishing but reconnaissance on specific targets is performed and malicious emails are further tailored to entice these specific targets to fall victim.

   • Whaling - similar to Spearphishing but for high value targets, such as company executives and personnel with access to sensitive information, such as HR executives, legal executives, etc.

   • SMS Phishing - sending malicious text messages to targets purporting to be from a reputable source to have them perform an action, such as providing credentials, providing confidential information, and more.

   • Vishing - similar to Phishing, but involves calling targets via phone calls instead of emails.

   • Pretexting - similar to Phishing but generally relies on purporting to be someone of authority or in a position that can manipulate a target; for example, pretending to be IT help desk personnel to gain target's credentials, or pretending to be a vendor to gain access to an office building.
      

3. Comprehensive Reporting and Remediation Guidance:  Upon completing our Social Engineering Assessment, we provide you with a comprehensive report that outlines how your organization's personnel performed, statistics regarding our social engineering campaigns (number of users who fell victim, what security training topics should be reviewed, if credentials were obtained, etc.), and recommendations to improve.
    

Polito's Social Engineering Assessment services will allow your organization to gain valuable insights into the cybersecurity awareness of your organization's personnel, how effective security training is that they've undergone, what opportunities are still present, and if employees are following company protocol to report suspicious activity. By addressing the human factor as it relates to cybersecurity, you minimize the risk of security breaches, protect sensitive data, and ensure the reliability and credibility of your organization.

​