Social

Engineering

You're Only As Strong As Your People
Social engineering is when an attacker attempts to manipulate people into performing actions or divulging confidential information for the purpose of information gathering, fraud, or system access. It is an extremely effective and dangerous vulnerability for organizations because it exploits a person's lack of knowledge in policies and procedures, as well as their desire to be helpful.

Unquestionably, social engineering attacks present the largest threat to your valuable business assets, financial information, sensitive client information and intellectual property. According to the Harvard Business Review, IBM found that 50% of all attacks considered in their 2016 Cyber Security Index were due to internal control factors such as social engineering. The same report stated that 75% of attacks were sophisticated attacks, and 25% were simple attacks such as phishing scams. Sadly, too many professionals underestimate the need to deploy effective countermeasures against these attacks.

How a Social Engineering

Assessment Helps

At RevBits Cyber Security Solutions, we combine our proven expertise with innovative security techniques to discover, report and remediate the most critical vulnerabilities in your network before the bad guys do. Our testing is seamless so that you can still maintain your daily operations while obtaining realistic and actionable ways to improve your cyber defensive measures.

Our social engineering tactics are typically included as part of a deep penetration test, but we also perform individual assessments. Our tests provide a glimpse into your employees' level of security awareness, and help to determine your overall attack surface. By knowing this, RevBits can provide actionable advice and assistance, helping your business increase its overall security awareness and apply better security policies, procedures and detection mechanisms.

OurProcess

RevBits stands out amongst other security firms by offering innovative practices that model an actual attacker's behavior, thereby ensuring that your organization is best prepared for a social engineering attempt. Our techniques include

Fake domains and phishing tests

Fake domains and phishing tests that employ Office macros, URL and data entry phishing, and custom exploits to stress-test your staff. We'll purchase domains that mimic your Internet presence and send mock phishing e-mails to your users. If a user falls for any of our phishing "traps," we'll send them an automatically-generated email that explains the error in detail and instructs them on best practices.

Physical threat delivery

Physical threat delivery that attempts to install malware on your network. We've been known to deliver USB devices and other technical equipment to your premises and encourage employees to plug them in.

Internet-of-Things Test

Internet-of-Things (IoT) testing that attempts to capture and break RFID door locks and other parts of your networked system. We'll search for unsecured network ports on your business premises and attempt to use them to infiltrate your system.

Actionable deliverables

At the end of our test, we'll provide actionable deliverables to you in a detailed report, which will show how your users performed in simulated attacks and recommendations for increasing security countermeasures, training and awareness.

Stay in touch