Security Awareness

Not all attacks against companies target weaknesses in systems, some are specifically targeted at users, with the premise of either gaining a foothold on the network, extracting key data or company information, infecting systems with ransomware, or for the purpose of using systems to attack other companies or users as part of a Distributed Denial of Service (DDoS).

Phishing attacks are on the up. In Q3 2015 Kaspersky Labs Anti-Phishing System was triggered 36,300,537 times. This demonstrates an increase of 6,000,000 from Q2 2015. Many cyber criminals are using targeted phishing as their preferred method of attack due to the relative ease of deployment and expected success rates.

This assessment provides insight into the company's ability to protect its assets and confirm its security awareness processes are working.

Our service can be fully tailored to the needs of your business, with reporting delivered in your preferred format where possible

Overview

The following high-level areas are analysed in this assessment:

  • Social media presence
  • Open source / freely available information
  • Data obtained from security breaches
  • Data exfiltration possibilities
  • Security awareness of employees

Assessment Steps

Reconnaissance

Email harvesting, open source searches, social media profiling, and breach data is reviewed to identify a target set of users.

Active Targeting

The key employees discovered, along with any provided by the client, are targeted in a number of phishing style scenarios. These scenarios can be tailored for different employee categories, providing a greater chance of success.

Collation and Exploitation

The results, including how many emails were opened, links clicked, forms completed, are reviewed, along with any data provided which may provide an entry point to the network or company. These will then be used to attempt to access critical business systems where possible.

Reporting

The assessment is documented in a simple, easily digestible, format.