Test the Human Element
Social engineering is a highly effective component of a full security penetration test. Raxis has an 80% rate of success based on 2012-2017 results, and most of our customers are very surprised at how easy it is for us to gain access. We'll use techniques designed to convince your team to give us access to your systems and data center. Regardless of the engagement you choose, you'll learn invaluable information about your organization's security posture.
A simulated social engineering attack is the spark needed to drive security awareness throughout your organization.
Test the human element and discover weaknesses in your visitor and vendor processes that you never knew you had.
Our Process & Goals
In order to understand how the process works, it helps to understand the goal of social engineering.
The goal is not usually to steal items from your office or retail location. Instead, it's more about the security of your internal network and the data that you have contained within it. Credit card numbers, product cost data, proprietary business plans, and identity theft are often the drivers for a malicious social engineer. More specifically, they want to gain unrestricted access to your internal network, and it doesn't matter if it's via wireless or wired.
Our first step involves significant research on your organization's line of business, communication style, and employee behaviors. We'll learn as much as we can about your group to find the most effective style of attack, and we'll also work directly with your security team to ensure we're targeting the areas you need assessed. Our attack plans range from using branded clothing easily obtained from local sources to creating fake credentials or badges. In many cases, we'll use no tangible physical items and simply rely on our communication skills to establish credibility with the targeted staff members.