This type of test involves human to human interaction, where our consultants will be sent onsite to the target organization. Our consultants will then perform an evaluation of the physical security of the company building. Attempts of breaking into the office area will be performed. A successful compromise of the physical building will allow an attacker to install malicious appliances such as audio listeners in conference rooms.
In the many years of experience we have in this industry, most of the complete compromise of an organization started with social engineering campaigns. As this would provide attackers an initial foothold within the internal network, lateral movements can then be performed to reach the ultimate goal of information leakage for a victim organization.
Defend mechanisms against social engineering campaigns have always been tough for organizations to implement. This is due to the fact that elements of human interaction are required to successfully exploit social engineering campaigns. Although certain software configurations can be implemented to minimize the risk of this type of attacks, cyber security awareness of individual employees is the most important factor to fully mitigate the risks.
