Social-Engineering

Salient Security Solutions

Double click here to add text.

Social Engineering

Social engineering is an attempt to trick someone into revealing information (ex. a password) or performing actions (ex. download a malicious file) that can be used to attack systems or networks. It is used to test user susceptibility to deception and manipulation. Such tests can reveal weaknesses in security awareness and behavior, such as failing to follow standard procedures. Social engineering can be performed through many means, including phone conversations, face-to-face interaction, emails, instant messaging, social networking, and removable media.

People are often the weakest link in the security chain. As a result, the easiest way into a corporate network is often through social engineering.

The goal of social engineering testing is to improve the organizations security not to single out and or embarrass individuals. We produce a detailed final report that identifies both successful and unsuccessful tactics used. This level of detail will help organizations to tailor their security awareness training programs.

“Attackers will increasingly make use of social-engineering tactics to bypass technological security controls, fine-tuning their techniques to exploit natural human predispositions. We've already seen such approaches succeed at influencing victims into clicking on questionable links, opening exploit-laden attachments, and installing malicious software. Economics of on-line crime will focus the attention of talented scam and con "artists" on Internet-based activities. Their techniques will take advantage of psychological factors, such as our desire to have more stuff, the need to comply with social norms, and the reliance we place on authority figures. This will bring us closer to merging the line between external and internal threat agents, because social engineering will allow external attackers to quickly gain an internal vantage point despite traditional perimeter security measures."