Testing the Human Factor

We understand that people are the central component of any company process and often the primary gateway to sensitive data and processes. We provide tailored social engineering engagements simulating real-world cyber attacks. Determine how employees react to such an event, identify potential weaknesses in incident response plans and improve overall cyber resilience.

Why Get a Social Engineering Assessment?

Social engineering assessments are a major aspect of many real-world cyberattacks. These types of attacks are becoming more sophisticated and frequent, and they can have serious consequences for your business.

Compliance

Social Engineering tests are mandatory in most of the regulations and regular assessments need to be performed to reach compliance and determine the effectiveness of anti-phishing training, email filtering, and other security controls.

1. Planning and Preparation

Align goals and share our unique testing plan. Review the plan, make final adjustments, and agree on a testing timeline. We work with your team to develop a plan for the engagement that takes into account your specific needs.

2. Execution and Testing

Deploy a variety of tactics and techniques to simulate real-world attacks on your organization. These actions are tailored to your specific goals and needs and are designed to test the effectiveness of your security controls.

3. Reporting and Remediation

We provide your organization’s employees the capabilities to better recognize and respond to social engineering tactics. Our deliverables will help you in evaluating the current state and take immediate actions.

Phishing Assessments

CybrOps’s phishing engagements go far beyond the automated tools found in many comparison services, providing highly targeted, sophisticated scenarios for each client. Using research on both the client organization and its employees, our security experts create sophisticated campaigns which ensure the best assessment of user education.

Vishing Assessments

Vishing attacks utilize voice phone calls to similarly coax a user into performing an unauthorized access, such as providing sensitive information or downloading an untrusted file. While these attacks are less common in the wild, vishing can be more effective when the attacker can establish an immediate, personal connection with the target users.

On-Site Assessments

While less well-known than email or phone social engineering, Rhino Security’s on-site assessments utilize specialized security professionals to perform engagements in person. Specific techniques include ‘baiting’ the area with infected USB drives, tailgaiting employees through locked doors, and creating fake company badges to gain access to sensitive areas.

Uncover employee vulnerabilities

CybrOps social engineers are able to physically compromise companies in 99% of all engagements. Find out if your employees or executives would fall for an advanced social engineering attack like spear phishing.

Uncover process vulnerabilities

At least half of USB drives dropped by CybrOps social engineers are opened. Discover how your employees would respond to an attack, and if device policies and training lead them to follow reporting guidelines.

Reduce risk

The click rate for opening malicious emails is still typically about 30%. Discover where your company is vulnerable and remediate flaws to prevent a real attacker from succeeding.