
Fixing the Shortage of Information Security Professionals

March 23, 2022

Using the Easy Button™

Last month, we posted our blog explaining the staffing shortage in the information security (InfoSec) industry. It can often take three to six months to fill a vacant position, and 27% of companies fail to recruit the talent they need. Some companies may even rush to fill a position and end up hiring the wrong person, which sets them back even further. Filling a role with a qualified candidate who has social engineering experience and required technical skills can be an even bigger challenge.

Finding a Solution

What is the solution to this problem? You can partner with experts who will work in tandem with your existing security team. At Social-Engineer, we design customized security programs that simulate attacks based on the four main attack vectors: vishing, phishing, SMiShing, and impersonation. More than 80% of all data breaches involve social engineering tactics, so companies need to test their staff via these attack vectors. We will show your threat defense maturity against these attacks and how your staff improves each month.

Common Attacks We See (and Use!)

Here’s a very common example of a vishing attack that we see every day. An employee gets a phone call from another employee in the company, who asks if they’re also having trouble connecting to the internet or a specific internal website. Or, what if the request is for which version of Windows they’re using? Will your employees know what to do and, even more important, will they report it?

If you don’t know how your employees will handle a phishing email, we can start with one that is very easy to catch and, if they don’t catch it, give immediate feedback on things to look for. We can then progress to a phishing email that is not as obviously phishing and follow the same steps. Again, the goal is to see improvement in the recognition and reporting rate, so you can be aware of these attacks earlier and take steps to stop them.

Do you have physical vulnerabilities at the office? Are your employees too trusting or unaware of company policy on what to do when they see someone they don’t recognize or can’t validate? What will they do when that very nice person joins them out back for a cigarette break, seems to have all the company lingo down, but doesn’t have a badge ready to get back into the building? What is the company’s policy on how to handle that and will people follow it?

Benefits of Partnering with Social-Engineer

How do we approach education for these situations at Social-Engineer? Let’s say you wanted to learn boxing. On the first day, you wouldn’t get in the ring with the heavyweight champion and expect to win, right? It wouldn’t go well, and you’d likely quit. Instead, it’s safer to first be shown the basics: how to stand, how to move, how to protect yourself. That’s what we do with social engineering. We’ll show you how to protect yourself and create a good awareness program. Then we’ll start testing, graduating staff through specific levels of your customized phishing and vishing program. As people show they can handle the challenge, we’ll move them up to a slightly more difficult level. Each month, you get a report showing the progress that your employees have made. We refer to this as our Levelized Program, and we frequently see our clients enjoying huge success with it.

Let’s face it, we know that a phishing attack will be successful, and data on click rates might be valuable. However, it is not the most important metric. We would rather see a high rate of reporting, so you can quickly react to the threat. Therefore, we focus on education and metrics that show improvement over time. We work with you to show that your education is working and, if it is not, we can provide programs to help.

Our customized, managed services advance your social engineering awareness program. We create campaigns to show you what types of social engineering attacks will work in your environment. But the more valuable part is educating your staff and showing monthly metrics of this improvement as a strong return on investment (ROI).

Sources:
https://www.social-engineer.com/shortage-of-information-security-professionals/
https://blog.isc2.org/isc2_blog/2018/02/cybersecurity-hiring.html
https://www.social-engineer.com/
