Offensive security means obtaining information by manipulating people. In our social engineering assessments, we simulate an industrial espionage attack on your company.
We exploit psychological behavior patterns and obtain passwords, confidential documents and access to business-critical information from your employees. As a rule, the attacks remain undetected. In addition, we check the general security awareness in your company using current technical tools (e.g. Trojans, man-in-the-middle attacks).
You receive support in sensitizing your company management to the topic of holistic security, which includes the areas of information security, physical security and organization. We support you in sensitizing your board of directors as well as your management and declare "security a matter for the boss!".
IT security technology has now reached a high level in many companies. For this reason, the attack vectors have changed. Attackers have focused on the supposed weakest link in the security chain: the employee. Modern industrial spies rely on social engineering methods to obtain confidential information. Test your security level! Within the framework of a Social Engineering Assessment, menoora Consulting carries out a realistic simulated industrial espionage attack on selected company areas that have been coordinated with you. Exploiting a lack of security awareness among your employees, administrators or security and cleaning staff, we try to gain access to confidential data, manipulate it, or document a possible sabotage of facilities.
- Legal and illegal access to the company - Analysis of the efficiency of the physical infrastructure and security service.
- Attack on employees - Using social engineering techniques to try to obtain confidential information (e.g. username and password).
- Theft - appropriation of hardware (e.g. notebooks, tablet PCs) and confidential information (e.g. CDs, documents).
- Documentation of all access to business-critical systems - attack targets include access to personnel data, accounting data, business plans, strategies, board data, development data.
The attack always takes place in close coordination with you. As the initiator, you retain full control throughout the assessment. You define what preliminary information we receive about the target and how intensively the attacks are carried out. Each step of the industrial espionage attack is continuously documented.
A Social Engineering Assessment provides you with the following results:
- A "status quo" of the holistic corporate security and the awareness level of internal and external employees.
- Documentation of possible critical vulnerabilities (photos, videos, interview transcripts) and suggestions for their elimination.
- An excellent basis for raising awareness among management and employees, as (in the event of a successful attack) personal involvement is significantly increased.
- A reference point for measuring the efficiency of further awareness measures.
All results of the Social Engineering Assessment are presented to you in a detailed management presentation.
The goal of a security awareness campaign is constant change in human behavior in the workplace. This behavioral change takes place in several steps:
- Inform (make the need known, create understanding in a motivating way).
- Arouse emotions (create a "personal relationship" with the subject and thus convey a positive attitude towards security).
- Motivate (provide an incentive to change behavior).
- Create sustainability (retain what has been learned).
Our awareness campaigns are based on the findings of modern business and advertising psychology. Experiences from each assessment are incorporated into the design of the next assessment. Employees are given emotional messages that neither discourage them nor provoke resistance.