2024 State of Vishing Report
In this fast-paced world, staying ahead of hackers and attackers is vital. Our personal and company’s security are more important than ever. For this blog, let’s look at the latter. Company security encompasses various things. Because of that, let’s narrow our focus to social engineering for this discussion. Malicious social engineers utilize human vulnerabilities to take advantage of your company and its data. Social engineering was behind many of the major breaches in 2023, and we continue to see this through to today.
How can you discover vulnerabilties before hackers do? One way we recommend is performing a social engineering risk assessment (SERA) on your own company. What exactly is this, and how is it beneficial? Let’s take a look.
In a social engineering risk assessment, we start one of two ways. The first option is the client picks specific targets within the organization that they feel may be targeted by malicious attackers. Or they give the Social-Engineer, LLC’s professionals free reign to do some research and then pick those employees themselves. Once the scope and target employees are defined, the work begins.
The work starts by first performing the Open-Source Intelligence gathering, commonly referred to as OSINT. What this really means is that deep research will be done into the given targets. This research can involve information gathering from personal details to corporate employee information. It all depends on the scope of the project. The research will then be used to craft specific and targeted pretexts. These will be used in the attacks the professional social engineers launch against the chosen targets. The pretexts are developed from the research. For example, imagine details are found via OSINT regarding the employees work duties. These details may be leveraged in an email or phone call that is similar to one the employee may normally receive. Attacks can span from phishing to vishing to smishing.
The results of the OSINT and attacks are then gathered into a comprehensive and detailed report that is the final deliverable for the client.
Why, though, is a SERA beneficial? We often hear the saying, “Defenders have to be right every time; attackers just have to be right once.” This means that it only takes one vulnerability to get access. It only takes one employee to give their credentials. You might think, “Oh, no one would ever fall for that attack and give up their password!” But can you be sure without testing? Through Social-Engineer, LLC’s SERA, you can better understand who that is, which vectors they’re vulnerable to, and even which influence techniques are most effective.
Staying ahead of the attackers is key. One way we can do this is by testing our company and employees before real attacks happen to determine where our vulnerabilities lie. A social engineering risk assessment is a great place to start. Beginning with OSINT, this assessment delves into the online presence of your chosen employees. Then, testing attacks are launched, revealing where potential vulnerabilities lie. Finally, a report that includes recommendations and mitigations is delivered right to you, assisting you in patching the gaps in your security. Finding your vulnerabilities at the head of the attack chain and stopping them before data is breached is not only advantageous, but necessary. To get in touch with us and start your SERA today, contact Social-Engineer, LLC here for a personalized quote.
Written by:
Shelby Dacko,
Human Risk Analyst at Social-Engineer, LLC
In the rapidly evolving digital landscape, no entity is immune to the pervasive threat of cyberattacks. The security breach at MGM Resorts highlights the vulnerability of even massive organizations. As
SMiShing Attacks in the News In February 2024, 19.2 billion spam texts bombarded U.S citizens according to a recent report. As annoying as spam texts are, they are not always
