Social Engineering Projects

Social Engineering – measure your responsiveness

We will perform a test including information gathering, vishing (phone calls), phishing and spear-phishing. The results will be presented in a report which states the level of awareness of your users and vulnerabilities in your IT environment. We will present specific actions for you to take tailored to your organization to increase your protection against threat actors, internal and external.

Benefits with this service

• Significantly reduce the risk of data breach.
• Map your user’s current awareness level.

Physical Intrusion – test run your defense

We will perform a test of your physical security. We will try to physically access your facilities, gather internal and confidential information, and plant a box to get access to your IT environment.

Benefits for you:

• Get rid of your physical vulnerabilities.

Combo: Social Engineering & Physical Intrusion

We will perform a combination of a Social Engineering Test and Physical Intrusion. Read more above. We can also test and evaluate your Security Operating Center (SOC) capabilities, if you have one.

Benefits of this combo:

• You get a full picture of all your vulnerabilities.
• Significantly reduce the risk of data breach.
• Improve your SOC capabilities.

Educate and build awareness

The human factor is the biggest risk for the information in your IT environment due to the lack of education. Educating your users will make a difference and significantly reduce the risk of a data breach. We will tailor the education plan specifically for your organization and needs.

Choose the forum which suits you the best – repetitive lectures at your facilities or start with a two-days crash course at our facilities or frequent video modules.

Benefits:

• Reduce the risk of a data breach.

Profiling – to protect high value users

We will map specific targets, such as CEO, CFO, and CTO, online footprint and present a digital profile and its vulnerabilities, which can be taken advantage of by threat actors.

You will receive recommendations on how to digitally protect high value users.

Social Engineering Projects

Change risky behavior and enable employees to report social engineering attacks

On a regular basis, our experts will perform social engineering campaigns that include the common social engineering vectors:

• Spear-phishing to high level executives (e.g. CEO fraud campaigns).
• Phishing emails with the purpose of stealing login credentials.
• Malware (e.g. ransomware) delivered by e-mail.
• Spear-phishing personnel with high privileges.
• Drive-by attacks.
• Phone calls with the purpose of extracting sensitive information.
• Phone calls with the purpose of influencing the employee to perform an action (e.g. create an account).
• Physical intrusions (e.g. to photograph sensitive data or plant a rouge device).

The test results are aggregated in a web based dashboard so you can follow your organization’s resilience to social engineering and see improvement over time.

A teachable moment

When employees enters credentials or executes “malware” delivered in a test, they will be presented with an education video about the dangers of social engineering. This gives the employee a valuable teachable moment.

Awareness insights over time

Get deep insights and follow your organization’s improvements over time in Siggap’s Awareness Dashboard. See how many employees clicked dangerous links, leaked their credentials, downloaded malware, executed malware or reported the attack.

All statistics are anonymized yet gives you the possibility to follow improvement and see results by department and role.