Social Engineering Overview
Attackers often target the human element in an enterprise in order to travel a path of least resistance to valuable data. Social Engineering, the act of manipulating people into providing assets or access, is often a difficult problem to tackle, as technology solutions which help mitigate risk from this attack vector are often incomplete.
URU's social engineering testing services provide unique opportunities, not only to measure an enterprise’s response to sophisticated social engineering attacks, but to also provide valuable experiences that can be used to create very engaging and effective end-user training. URU performs sophisticated Social Engineering services with the following principles:
Highly customized campaigns
A standard component of Social Engineering includes designing a social engineering campaign that will meet the specific customer needs. This can vary from large campaigns designed to raise overall awareness to very focused and tactical campaigns aimed at fully assessing the effectiveness of countermeasures and susceptibility to social engineering attacks.
Useful metrics
URU has developed a standard Social Engineering process that measures several meaningful data points across campaigns that can provide useful metrics for validating the effectiveness social engineering countermeasures.
Enhanced user awareness
One of the most effective ways to effectively mitigate the threat of social engineering is overall user awareness. Periodically performing social engineering exercises provides an excellent opportunity to raise end-user awareness, through both the experience of simulated attacks and integration of social engineering activities into ongoing training and awareness efforts. Periodic testing also provides meaningful trending metrics for management staff.