Social engineering is a non-technical, malicious attack, that attempts to exploit human weakness. It involves misleading or tricking people into revealing confidential information, or bypassing security procedures.
We can provide controlled social engineering attempts to review staff behaviour, building access controls and security processes.
Social engineering is one of the biggest security threats organisations face, as typically human behaviour is the weakest security link in any network. Often the easiest way to breach a company or network is not via externally hacking their website, it is simply via tricking employees to gain access to the building.
People naturally hold open doors for others and do not often challenge or escort visitors, this can result in all security being bypassed. In large organisations it is quite common to not know everyone personally, so a unknown face may not be suspicious.
Social engineering tests the ability to bypass security controls or procedures by testing the human ability to implement processes, or identify missing processes.
Social engineering is an important part of any cyber security testing procedure.
Your computer security policies and infrastructure could be the most secure there is, but if someone can simply enter your office space and sit down at a desk or access sensitive information without being challenged, then there is a serious security weakness.
Social engineering tests staff awareness, implementation of security procedures and identifies any missing procedures or policies.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
|Certified Simulated Attack Specialist||Yes|
|Certified Simulated Attack Manager||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that Social Engineering should be conducted annually to retest security procedures, staff awareness and staff changes.
Social Engineering testing is bespoke depending on the goal or outcome you wish to achieve, therefore there is not an off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed findings - A complete list of all issues identified
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.