AN INGRAM MICRO EXPERT SERVICE
Improve Security Defenses Through 'People-Hacking'
While news of the latest cyber-attack are headlines in the security world, it has been revealed that the biggest threats to a company’s security lies much closer to home with their employees. While employees don’t necessarily have to be malicious to put the company at risk, they may not understand the security risks associated with their behavior and their role in protecting business critical information. Social engineering has become one of the prevalent attack methods in use today, and social engineering test assessments are now a must for organizations to understand the real-world threats to their business. These assessments can help identify the potential holes in the “human network” to prevent information breaches and to strengthen the company’s security and compliance posture.
• Build an expanded security practice with additional security assessment offerings
• Build “trusted advisor” relationship with customer by identifying risks before it becomes a problem
• Unbiased, third-party assistance designed to achieve the best possible outcome for the customer
• Increased margins through an expanded services portfolio
Employees represent a possible weak link in security for many organizations. The Social Engineering Test Assessment is designed to complement Ingram Micro’s Network Penetration Test and Web Application Vulnerability Assessment by attempting to convince your employees to divulge sensitive information
with emails and phone call scripts customized to your company. The assessment can help your clients establish the current state of security awareness among their personnel as well as determine gaps in policy, procedure, enforcement and security awareness training.
The security tests performed during the assessment include a mix of automated and manual tests in conjunction with customized scripts that address:
- Telephone Impersonation - Experts will contact a designated list of employees with a script intended to persuade them to give credentials or other sensitive information.
Email Phishing - Emails are sent to designated employees in order to persuade them to perform an action like clicking on a link within the email or to provide sensitive information over the email. At the conclusion of the assessment, a final report that details the number of employees who were convinced to provide sensitive information or click an unknown email link will be provided along with recommendations for the clients to educate their employees about safer behaviors. A discount towards Ingram Micro’s CyberSAFE 1/2-day employee training program will be made available.