Most companies employ some sort of defense-in-depth safeguards to protect their networks. But these vulnerability management solutions are only one part of the equation. Humans continue to be a weak link in the chain. Therefore, it is equally – if not more – important to educate and sensitize employees around best practice “digital behavior” to help fend off attacks made possible by human vulnerabilities. SIM2K can offer effective and highly regarded human testing and education programs designed specifically to bring employees and contractors to a high level of security awareness.
Social engineering is a popular technique attackers use to gain access to your network and, ultimately, valuable information held by your organization. We can facilitate the Frontline Social Test, an assessment which identifies employee, contractor, and patron susceptibility to phishing, vishing and other tricks commonly used by hackers. Social engineering is a type of cyber security attack that uses deception in social interactions to convince individuals to provide confidential or otherwise valuable information to cyber criminals.
Frontline Social Test creates conditions and scenarios that lure personnel into engagement – just as if driven by a crafty cyber attacker. Social engineering tactics and techniques can include phishing calls, targeted emails, and more. Findings are used to educate employees on how to become more astute at discerning legitimate human engagement from trickery.
Topics covered include:
- Acceptable Use of Computer Systems
- Installing Software from Unknown Sources
- Mobile Device Security
- Onsite Social Engineering
- Password Development and Security
- Physical Security
- Preventing Virus and Malware Outbreaks
- Remote Social Engineering
- Safe Web Browsing
- Securing Protected Data
- Social Media Dangers
- Using Cloud Services Safely
Network Penetration Testing
Understanding and addressing network and host vulnerabilities is, of course, an essential element of strong information security. But that alone is still insufficient. Network penetration testing, also commonly referred to as ethical hacking, goes beyond the actual discovery of vulnerabilities, and into the work of actively exploiting vulnerabilities with real-world attack techniques – to see if your IT assets, data, humans, and/or physical security can be compromised.
Regardless of the strength and sophistication of your defense-in-depth strategy, a clever enough human mind with strong motivation and determination can, and will, find a way in. This is where the world of ethical hacking can be brought to bear on your behalf. Through Frontline Pen Test, SIM2K can set a skilled and experienced team of testers against your network defenses to:
- Determine the viability of select attack vectors
- Identify high-risk vulnerabilities that emerge when a set of lower-risk vulnerabilities is exploited in a well-sequenced attack
- Identify vulnerabilities that are difficult or impossible to detect with vulnerability scanning
- Assess the business impact of successful attacks
- Test the ability of your security team to detect and respond to attacks
- Provide quantifiable support for increased investments in security personnel and technology
- Improve compliance posture, e.g., PCI DSS – which requires both annual and ongoing penetration testing
While many companies perform vulnerability scans of their networks and computing platforms, many never know if an attacker could actually exploit the vulnerabilities discovered in the process. Compounding the problem is the fact that most companies do not have staff with the specialized expertise required to adequately test systems without incurring a potential business operations impact. As a result of these challenges, companies are often left exposed to threats. SIM2K can provide testing performed by trained security analysts, utilizing industry best practice test methodologies, to test the target systems where weaknesses reside. We efficiently determine if a potential vulnerability is truly exploitable and if it could lead to the compromise of sensitive corporate data.