- Direct financial loss
- Loss of customers
- Breached client records, identity repair, and credit monitoring
- Notification and public relations costs
- Legal fees and regulatory fines
- Cleanup costs and business disruption
Identify weakest links in your cybersecurity defenses.
Provide targeted security awareness training to each employee.
Audit and measure each employee's level of cybersecurity awareness.
Assign personal security coach to strengthening people in high risk categories.
Reduce the cost and time of providing cybersecurity awareness training.
Allow employees to receive training wherever they want and whenever they want, with no wait times.
Social engineering is the technique of using psychological manipulation to trick people into doing some action that will be to the attackers’ benefit. Social engineering also involves physical access probes designed to gain unauthorized access to a target facility. All corporate personnel and executives should experience benign social engineering testing in order to augment their security awareness training and develop their risk leadership capacities. The aim and “rules” for social engineering testing should be explicitly designed for specific learning objectives both for individuals who experience the testing, and for the organization that can benefit as a whole from the lessons learned. Social engineering tests should never result in the embarrassment of an individual, or the results used by management in any punitive manner that could negatively affect the employee.
Following our training, we may conduct virtual or physical social engineering tests to gauge the awareness of employees. Social engineering tests can involve sending a personalized email spoofing a trusted address (“spear phishing”) that is designed to get the target to download a file with hidden “malware”; a spoofed phone call from a supposed “IT service provider” seeking to elicit password and log-in information; or an attempt to enter facilities while posing as a supposed "delivery person".
|