Social Engineering Risk Assessments

Understand the risks facing your organization when it comes to common fraud schemes with our social engineering assessments.

Social Engineering Risk Assessment Solutions

Your employees are the best defense against many cyberattacks, but the human element is often the weakest link in any security system. All it takes is one person to click a rogue link or act in an unauthorized manner to compromise the entire organization. Discover how your employees respond to common social engineering attack methods with our customized risk assessments.

Find gaps in employee training

Get a better understanding of your employees’ security knowledge and discover where more training or resources are needed to bolster the overall security of your organization.  

Practice real-world situations

Foresite crafts and attempts common real-world social engineering attacks to discover exactly where you’re most vulnerable, helping you to determine a proactive training plan to thwart real attacks.  

Scalable for any organization

Phishing, smishing, spear phishing, media drops. Our experts work with you to craft a social engineering risk assessment that fits your in-person, remote, or hybrid organization.

Protect your data, people, and brands

Our comprehensive approach to social engineering risk assessment means we help you stay ahead of the latest attacks. We assess your risks and vulnerabilities and offer a customized set of recommendations that will work to protect any workplace regardless of size or location.

Prevent social engineering attacks with proactive risk assessments

Social engineering attacks can take on many forms. Traditional cybersecurity assessments are designed to test your technology, but your systems are only as secure as the people who operate them. Foresite offers a variety of social engineering risk assessments that are customized to your organization and designed to help you identify where to focus your training and resources. 

From clicking on potentially malicious links to compromising credentials via a fake website, email phishing is one of the most common ways hackers can compromise your business. Test your employees’ knowledge and compliance with security procedures in response to common ruses delivered via email with an email phishing risk assessment. Foresite will emulate common types of phishing attacks by sending emails to in-scope users in your organization attempting to request information such as usernames, passwords, and other sensitive data in a secure and controlled method.

Not all hacking attempts begin on a computer. Phone social engineering attacks attempt to gain the target’s confidence and convince them to act or provide information that could compromise your organization. In this risk assessment, Foresite professionals will target in-scope personnel to identify what information and access can be gained through common phone social engineering ploys.

Hackers have evolved with technology, moving from simply sending malicious emails to targeting organizations through employee cellphones. Like traditional forms of phishing, smishing attacks are aimed at installing malicious code or securing sensitive data from unwitting targets. Foresite helps organizations understand where they are most vulnerable to SMS phishing attacks.

Some hacking practices rely on access to physical buildings and infrastructure. From holding the employee entrance door open for an unknown person (known as “piggybacking”) to providing a “vendor” with unrestricted access to the building, there are many ways your physical building security can lead to a cyber attack. Our physical security social engineering risk assessment will not use any destructive entry methods, damage property, or impersonate public safety/government officials, but can help you discover the training gaps that put your physical assets at risk.

Often a part of physical security testing or a phishing attempt, a zero-knowledge attacker may use publicly available information to impersonate a trusted individual like a new hire, repair person, vendor, or other party in attempts to elicit information or gain access.

Instead of targeting an entire organization or address book, a spear phishing attempt is crafted with a specific target in mind. These attacks are intended to secure access or information that requires a specific user to be compromised, and they are often more specific and harder to detect than a general phishing scam.

One rogue CD or USB plugged into your network computer can compromise the entire system. This type of attack is often coupled with physical security testing to find out if employees are susceptible to plugging in an unknown disposable storage device that could contain malicious content.

Conducting a social engineering risk assessment


Conducting social engineering exploits without the explicit permission of business leaders is illegal. Because of this, we work with our customers to ensure that proper notice is given to a corporate IT contact along with the approximate schedule of attack(s). In the event of an on-site assessment, the Foresite employee will carry a signed copy of the Terms and Conditions and Authorization agreement acknowledging the legitimacy of their actions.