Social Engineering

What is Social Engineering?

Social engineering is the human side of testing for corporate vulnerabilities and comprises the techniques used by real attackers to fool an organisation’s staff into revealing sensitive information or performing actions that create security holes for the attacker to slip through.

Many companies will spend thousands of dollars on Intrusion Detection Systems (IDS), firewalls and other protection devices to monitor the network. However, all it takes is one phishing attack to potentially devastate an organisation.

Attackers will typically rely on the following six key principles of influence based on human cognitive biases:

  • Reciprocity — People are likely to return a favour done by another.
  • Commitment — When people commit to an idea, they are more likely to honor that commitment.
  • Social Proof — People will do things that they see other people are doing.
  • Authority — People will tend to obey commands given by authority figures.
  • Liking — People are easily persuaded by people whom they like or feel that they have a rapport with.
  • Scarcity — Perceived scarcity creates additional demand; such as when an offer is available for a limited time only.

Did You Know?

  • Almost 30% of employees fall victim to social engineering attacks. That means almost 3 out of every 10 employees may unwittingly compromise their workstation or the entire organisation's network.

  • 97% of high-profile data breaches use social engineering to enter the organisation's network — the remaining 3% rely on malware.

  • On average, it takes almost five months before organisations detect that a phishing compromise has occurred.

  • New employees are the most susceptible to socially engineered attacks.

  • 21% of current or former employees use social engineering to gain a financial advantage, out of spite for revenge, out of curiosity or for fun.

Why Choose Aurian?

Our approach to social engineering mirrors the latest tactics, techniques and procedures used by fraudsters today.

Our Social Engineering testing provides benefits including:

  • Understanding how susceptible your employees are to falling for social engineering attacks
  • Visibility of the information that an attacker could gather about your business from public sources
  • Improving your organisation's security awareness by highlighting good and bad practices
  • An understanding of how your employees' actions may inadvertently lead to the exposure of sensitive data
  • Results that can be used to develop an effective security awareness programme