Put your physical security to the test.
While the threat of compromise or loss of data through technologically sophisticated social engineering attacks is very real, the threat of physical theft and manipulation of your employees can be of equal or even greater concern—especially if you have public-facing facilities and services that can be easily located by an outsider. Companies are more likely to be attacked if they are regularly processing and storing sensitive customer information such as payment card data (protected by PCI).
Increasingly, attackers are identifying weak points within companies’ physical security measures and through company employees who are duped into providing direct access or revealing sensitive information like logon credentials. This approach is called social engineering fraud and involves manipulating human beings into divulging information or performing actions which they would not normally divulge.
ControlScan's security consultants conduct various social engineering testing to determine the degree to which your system could be compromised and your employees' understanding of policies and procedures, exploited. We then provide an analysis of the weaknesses surfaced as well as recommendations for improving your PCI data security and implementing best practices in order to further strengthen your defenses.
True testing of how your security measures work together.
Performing a ControlScan social engineering engagement is one of the best ways to test your employees' understanding of organizational policies and identify where risk remains and must be addressed. We will work with you to develop an onsite and/or remote testing plan to fully address your organization’s specific needs.