What is a social engineering penetration test?

Social engineering penetration tests are designed to test employees’ adherence to the security policies and practices defined by the management team. 

Social engineering is the act of gaining access to buildings, systems or data by exploiting human psychology, rather than using technical hacking techniques. Instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging their password. 

IT Governance’s social engineering penetration tests are designed to test your employees’ security consciousness through personal contact. Our team will attempt to persuade them to provide confidential information. 

To find out more about our penetration testing services, get in touch with one of our experts today.



Did you know?

Verizon’s 2018 Data Breach Investigations Report found that 17% of breaches are the result of social engineering attacks. This is a sizeable proportion, and every organisation is a target.

Educating employees about how these attacks are carried out and having the controls in place to mitigate them are critical. A social engineering penetration test provides a basis from which to highlight issues with operating procedures and to develop targeted training. 


The benefits of a social engineering penetration test

Our social engineering penetration test will help you:

  • Establish the information that an attacker could obtain about your organisation that is freely available in the public domain;
  • Establish how susceptible your employees are to social engineering attacks;
  • Determine the effectiveness of your information security policy and your cyber security controls to identify and prevent social engineering attacks; and
  • Develop a targeted awareness training programme.

Is a social engineering penetration test right for you?

If you are responsible for your organisation’s information security, you should ask yourself:

  • What information about your organisation is publicly available that could be used to create social engineering attacks?
  • Are staff vulnerable to phishing and other forms of social engineering?
  • Could a social engineer gain unauthorised access to offices and site locations by exploiting weak security measures?
  • Could an attacker gain access to sensitive information from mislaid documentation?
  • What information could be obtained by someone taking hardware off-site?

Our engagement process

Our CREST-accredited penetration testers follow an established methodology to help model your real threats and provide actionable recommendations. This approach will emulate the techniques of an attacker using many of the same readily available tools.

  1. Scoping: Before testing, our consultancy team will discuss your social engineering assessment requirements to define the scope of the test.
  2. Reconnaissance: Our social engineering team uses a variety of intelligence-gathering techniques to collect information from public sources about your organisation. 
  3. Assessment: Our social engineering team attempts to gain access to the systems and/or buildings that hold the target information defined by you.
  4. Reporting: The test results will be fully analysed by an IT Governance certified tester, and a full report will be prepared for you that sets out the scope of the test, the methodology used and the risks identified.
  5. Workshop: Our team can also run a workshop that will help your employees identify and respond to the cyber threats simulated during the exercise.

How IT Governance can help you

We are pioneers in offering easy-to-understand and quick-to-buy penetration testing.

Choose the penetration test that meets your budget and technical requirements.

We produce clear reports that can be understood by engineering and management teams alike.

Our CREST-accredited penetration testing services give you all the technical assurance you need.


Companies using our penetration testing services

“IT Governance combines the delivery of real insights with a cost-effective service.”

Ian Kilpatrick, Group Information Security Officer at Collinson Group.


Speak to an expert

Our team of experts are available to discuss your organisation’s red team assessment needs. Get in touch with us today.
