Protect Your People and Your Business from Malicious Attacks
Cybercriminals are constantly looking to exploit the weakest link in the chain. And with social engineering it’s your staff they’re targeting, looking to abusing their trust and willingness to help, in order to gain access to sensitive information. Using a variety of media – including email, phone, and by physically visiting your premises – these attackers intentionally target the human element in an organization, as it’s often easier to trick an employee than to exploit a network.
Mitiget helps you build security awareness into your organization, and make it part of your culture. We create threat campaigns that are specifically designed to target your staff. The goal can be to gather anonymous statistics (i.e. how many people clicked a link), or to discover who would enter their password into the site after clicking the link. This will indicate the level of knowledge and how-to best address this going forward.
We also run online and on-premise security awareness training, to embed an awareness of how your company may be targeted through social engineering, and to help you mitigate the risks associated.
Defenses Against Social Engineering
Education is the most credible solution for social engineering. Anti-social engineering training is one of the best, most essential defenses against social engineering. The training must include examples of the most common types of social engineering and how potential victims can spot the signs of illegitimacy.
All computer users need to be taught about social engineering tactics. People buying and selling goods on the Internet need to be educated about purchase scams. They should only use legitimate escrow services and follow all the web site’s recommendations for an untainted transaction.
What We Test for Your Organization
Email-Based Phishing Campaign
We adopt phishing emails, and their more targeted counterpart, ‘spear phishing’ to test the vulnerable employees.
Telephone Social Engineering
Over the phone, we try to convince your employees that we are genuine, so that they disclose information. Human brains are designed to trust and help people, and it’s that nature that is being exploited to see those that will fall prey to the trick so that more awareness will be executed for them.
Physical Site Assessment
The most direct approach used by criminals is to walk into your premises and convince your staff that they should be there. Once inside, their aim is to connect to networks or focus on other targets. We also adopt this approach to identify weak links for strengthening.
Open Source Intelligence (OSINT) Gathering
key to the above scenarios is the gleaning of information about your staff from the internet. All this personal data helps to craft the scenarios used to assess and overcome staff. Social media will be a good place for us to present familiar scenarios to see those that will fall for the trick.
GET COMPLIANCE, GET ISO CERTIFIED
Achieve your ISO certification in a seamless, timely and affordable manner. We make it easier and stress free for you. Certification guaranteed in your time frame. 100% Trusted Services – Control Implementation, Training, Documentation, Audit, Certification.
ISO 27001 CERTIFICATION
We work with organizations to identify areas of improvement and meet ISO 27001 standards and requirements for information security management systems (ISMS), providing gap analysis and guidance on improving their overall cyber security controls. Read more …
ISO 22301 CERTIFICATION
We work with organizations to identify areas of improvement and meet ISO 22301 standards and requirements for Business Continuity Management System (BCMS), providing business impact analysis and guidance on improving their overall business resilience.Read more …
PCI DSS COMPLIANCE
We offer a variety of services to help you achieve and maintain PCI compliance. This includes PCI gap assessments, annual AOC (Attestation of Compliance) and Self Assessment Questionnaire (SAQ) assistance, along with cyber security program development and design for PCI organizations.Read more …
We help you to be GDPR compliant. This makes you demonstrate accountability for how you store, maintain and protect both your client’s and employee’s data. We help you develop policies, embed new processes, educate staff and ensure the right security and encryption is applied to all your devices.Read more …