Social engineering methods are limited only by the creativity of the person or persons perpetrating them. Most social engineering takes place via email, text message and phone. However, tactics can include simply walking in the front door behind someone possessing a valid badge, or dropping portable USB drives in the parking lot and waiting for an unsuspecting employee to plug them into their work computer.
Whatever form social engineering takes, businesses and organizations are largely unprepared for how to effectively counter these attempts across their workforces. Getting employees’ attention and commitment to vigilance can be difficult without proving how easy those employees can be exploited.
Dell SecureWorks’ Social Engineering service tests your security defenses against non-technical social engineering techniques. The service helps you evaluate the effectiveness of your organization’s security awareness campaigns and the vigilance of your workforce from softer, non-technical break-in attempts. The Social Engineering service is multi-faceted to match the nature of a real-world social engineering threat.
What is “Social Engineering?”
Social engineering is an attempt to use your own employees to defeat your security controls and practices. By design, social engineering involves the abuse of trust relationships.
Social engineering methods are increasingly used by attackers, including as an element of larger Advance Persistent Threat (APT) attacks. Social engineering can be very effective, very cheap to perform and does not require much technical knowledge or skill.
Your “Human Firewall” is the awareness and vigilance of your employees to prevent social engineering attacks from compromising your security. For most organizations, this firewall more represents a security hole that a social engineer can exploit.
The Dell SecureWorks Social Engineering service is designed to evaluate the strength of your human firewall against threats that can result in unauthorized access of your systems, data and intellectual property. Using real-world practices and techniques, the Dell SecureWorks Social Engineering service tests how your employees respond to attempts to obtain access to facilities and information. The service gives you a baseline measure of the ease or difficulty by which a social engineer can use non-technical means to penetrate your organization.
The only truly effective front-line defense for social engineering is a knowledgeable workforce that knows what to look for, how to handle it and how to report potential threats. Unfortunately, most organizations do not have the resources or independence to effectively measure how their employees respond to social engineering attacks, and how they can implement an effective training regimen to improve employee behavior.
Dell SecureWorks’ Social Engineering service can help prepare your organization and workforce for social engineering attempts. Our consultants are highly versed in today’s social engineering practices, and use that knowledge to test and educate your employees to raise their vigilance against these subversive, non-technical techniques.
Organizations may be protected by logical and physical security controls, but social engineering represents an additional area of exposure where controls and policies often lack. Social engineering represents a non-technical threat to your facilities, systems and information. Appearing in a variety of creative ways, social engineering works to exploit employees to gain access, and can be as potentially damaging as any other threat. But how do you defend against non-technical threats to your environment, especially when the threat plays on winning an employee’s trust?
The Dell SecureWorks Social Engineering service is designed to test your defenses against non-technical threats that can result in unauthorized access of your systems, data and intellectual property. Our consultants summarize the results and prioritize findings so you know what areas present the greatest risk to your organization. In addition, we give you guidance to help build the awareness and vigilance of your employees.
For many organizations, understanding the susceptibility of your employees to social engineering is not enough. Employees have to understand the threat posed by social engineering and how to identify it before a breach occurs.
We give you the practical guidance you need to build an effective security awareness effort across your organization and employees.
Our consultants work with you and your team to answer the most critical question, “So what now?” You need to know how your security stands up against social engineering and non-technical threats. You need to know how your employees respond to attempts to manipulate them and compromise your defenses. Most importantly, you need to know how you can build awareness and enhance your security in the future. We can also perform periodic phishing tests of your employees to reinforce their awareness and vigilance against social engineering tests.
Our Process & Approach
The Dell SecureWorks Social Engineering service is a highly customizable engagement. The service is tailored based on your concerns and the types of threats we actively see in the marketplace. The service may be performed remotely or onsite (or both), and include:
Based on your interest in our Social Engineering Service, you may also be interested in: