Social engineering is a non-technical, malicious attack that attempts to exploit human weakness. It involves misleading or tricking people into revealing confidential information or bypassing security procedures.
We can provide controlled social engineering attempts to review staff behaviour, building access controls and security processes.
Social engineering is one of the biggest security threats organisations face, as human behaviour is typically the weakest security link in any network. Often the easiest way to breach a company or network is not by externally hacking its website; it is simply by tricking employees to gain access to the building.
People naturally hold open doors for others and do not often challenge or escort visitors, which can result in all security being bypassed. In large organisations it is quite common not to know everyone personally, so an unknown face may not be suspicious.
Social engineering tests the ability to bypass security controls or procedures by testing the human ability to implement processes, or identify missing processes.
Social engineering is an important part of any cyber security testing procedure.
Your computer security policies and infrastructure could be the most secure there is, but if someone can simply enter your office space and sit down at a desk or access sensitive information without being challenged, then there is a serious security weakness.
Social engineering tests staff awareness, implementation of security procedures and identifies any missing procedures or policies.
Armadillo Sec are a CREST approved member company and our security consultants are fully certified by CREST to the highest level in application and infrastructure testing. This allows our consultants to give complete assurance when testing any elements of your environment. We have many years of experience leading large, complex government and commercial cyber security tests. Our lead consultants will work with you from start to finish on the project to ensure all requirements are met.
Frequently Asked Questions
Our testers are fully certified by CREST to the highest CCT level in both application and infrastructure testing.
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
It is recommended that Social Engineering should be conducted annually to retest security procedures, staff awareness and staff changes.
Social Engineering testing is bespoke, depending on the goal or outcome you wish to achieve; therefore there is not an off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non-technical overview of issues for management board level
- Detailed findings - A complete list of all issues identified
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.