How Would Your Organisation Respond to a Targeted Social Engineering Attack?

Social engineering has proved to be one of the most prolific & effective means of attacking organisations of all sizes. Phishing attacks alone are responsible for over 80% of security incidents, and 94% of malware is delivered by email.

Cyber-attacks involving social engineering are rarely out of the headlines. Cases involving ransomware are hard to hide when all your systems are out of use, but apart from large-scale ransomware and reportable data loss where a company has to tell a regulator, it is likely that a vast number of social engineering attacks are going unreported.

This aside, the current picture of social engineering points to it being a large part of the current cyber crime wave. According to IBM, human error was a factor in nearly half of all breaches, costing an average of $3.5 million.

Your staff need to be able to identify & defend against attempted social engineering attacks.
This 2-hour online course equips your team with the skills to identify & combat social engineering attacks including spear-phishing, vishing and physical impersonation.
We follow nationally set standards and best practice to ensure you get the best awareness training possible.

Course Objectives

Understand

Understand what social engineering is and why it is so effective

Identify

Be able to spot the telltale signs of psychological manipulation

Defend Yourself

Reduce your personal attack surface and be safer online

Defend Your Organisation

Block and report social engineering attempts in your organisation

What Our Students Say

Great Course – Really fun and really informative, as well as scary!

I found this course really interesting and useful, and also fun! I’m off to check how many friends I have on Facebook…

This was a fascinating training course. Such an eye opener especially for anyone who uses social media a lot.  Has made me much more conscious about my awareness of scammers, hackers, and the various methods used.

A brilliant way to learn.

Great online training. Liked the pauses for us to carry out task and test to ensure our understanding.

Interested in Social Engineering Training for Your Team?

Is your organisation prepared for social engineering?

  • 94% of malware is delivered by email.
  • Phishing attacks are responsible for over 80% of security incidents.
  • 65% of cyber criminals used spear-phishing as their primary infection vector.
  • Remote workers have caused a security breach in 20% of organizations.

What You Will Learn

The Four Social Engineering Vectors

We begin by reviewing a REAL LIFE social engineering case study, and the 4 social engineering vectors (vishing, smishing, phishing and impersonation) that are used in an attack. Listen to and analyse a vishing call made to gather information for an attack: would you have fallen for the same tricks?

Step Into The Shoes Of The Hackers

“Step into the shoes of the hackers” to understand the principle of adversarial thinking. Students look at intelligence on a fictional company, are given a target and use fictional open source intelligence to write a convincing spear-phishing email that would be opened by their chosen member of staff. This mimics the processes used by professional cyber criminals.

Physical Impersonation

We then move on to a “back up plan” where students plan a physical impersonation attack on a company, reviewing a floorplan and thinking up pretexts to get into the company server room. Donuts? Tailgating? Get in through the smokers' entrance? What’s the best way to get that malicious USB into the server room?

Assess the impact of a social engineering attack

With the attack complete, students come back to earth and reflect on the personal and business-related impact of a social engineering attack and we recap ways students can keep themselves, their family and the organisations they work with safer from social engineering attacks.

Course Contents

Phishing

The biggest attack vector. Staff learn how malicious emails are crafted and how to spot them.

Vishing

Phone based attacks often used to gather intelligence for another attack. Staff learn how to spot & stop this attack.

Smishing

SMS (text message) based attacks that can be used to collect personal information or user credentials.

Impersonation

A physical attack to gain access to your business & data. Staff learn strategies for challenging these attacks.

Countermeasures

Staff see the business impact of successful attacks and learn ways to improve security within their organisation.

We Need to Talk about Social Engineering

SOCIAL ENGINEERING within cyber security refers to the psychological manipulation of people into performing actions or divulging confidential information, either in person, over the phone or by message, text or email.

Social engineering is consistently one of the most effective cyber-attack vectors, used by everyone from script kiddies in their bedrooms to organised crime groups and nation state actors. It pervades film and popular culture and is the hallmark of fast-talking con-artists and secret agents.

Social engineering is frequently employed in espionage, romance fraud, sextortion, IP theft and getting grandmas to hand over their life savings. It is used in banking and credit card fraud, account takeovers, bitcoin scams, online gaming fraud and the theft of military technology.  It is cheap, requires little investment in technology and is highly adaptable and effective.

Social engineering is used to get all types of malware onto a network from backdoors to ransomware.

20 years ago, the “I Love You” worm used the pretext of a love letter to spread to 50 million computers – 10% of the total number of computers on the planet at the time.

Today, social engineering has been used to hack Twitter, Facebook, Instagram and pretty much every platform you have ever been on.

About Your Trainer

Lisa Forte

Partner, Red Goat Cyber Security

Lisa Forte is an experienced and qualified cybersecurity trainer and an expert on the human side of cybersecurity and social engineering.  Lisa delivers dynamic and engaging training based on her expert personal experiences of dealing with cybercrime cases and the research she has done into how cybercriminals use psychological principles in their activities.

She is the host of the vlog Rebooting and frequently appears on national and international news as well as on cyber security blogs and panels. She is an international cyber security speaker who has presented at many international conferences both in the UK and further afield.

Benefits

Engage Your Staff in Defence

Dull click-through animations don’t interest your staff. Our training puts your team in the shoes of the hackers and enables them to understand the benefits of cyber security both for themselves and your organisation.

GDPR

Staff training on information security is a crucial part of risk mitigation under the GDPR. Companies who cannot show measurable compliance risk heavy fines. The ICO states that companies should train their staff to be aware of phishing, vishing & impersonation attacks as part of their data protection training.

Defend Your Organisation Against a Growing Threat

Cyber defences are both technical and psychological.  Social engineering training is a key part of the solution to defend your organisation against incoming attacks.

Organisational Feedback

Futures Housing Group

“Red Goat were really helpful in tailoring a course to our needs. The trainer was really engaging.”

Bristol Airport

“Red Goat were very helpful and provided an excellent training course that was really engaging and helpful to a wide range of our staff”.

Bath hospital

“Excellent course and great scenarios. We would recommend this course to anyone, really informative and relaxed. Rarely is there a course that is both informative and enjoyable. Really good.”

FAQ

Who is the course for?

This is an awareness level course. It is suitable for all company staff and has been designed to be practical and easily understood by anyone. Our clients often employ it to provide their “high risk” staff with more in-depth training.

What are the skills requirements for this course?

There are no specific skills required to complete this course, anyone from 18-80 who uses email, social media and the internet will be able to understand and learn to better defend themselves online.

Who is the trainer?

This online course has been developed by Red Goat Cyber Security and is delivered by Lisa Forte. For more info on Lisa see the bio above.

How long is the course?

The total length of the course is about 2 hours including the end of course quiz. Students can study in their own time and stop and start the course as required. Students have 6 months to complete the course.

Do students get a certificate?

Students get a certificate of completion to evidence their training. This benefits their CPD and demonstrates your commitment to cyber security both to your clients & the ICO under the GDPR.

What is the difference between cyber security training & social engineering training?

Social engineering is one of the largest cyber attack vectors being used. Your human firewall (your staff) need to be able to identify & defend against attempted attacks to protect the company & themselves.

We believe your IT team should focus on the technical parts of cyber security & your staff should focus on social engineering threats.

What's the difference between this course and the NCSC certified social engineering awareness course?

This course was developed to be a shorter and more effective online course that students can take at their own pace. It incorporates all the excitement and innovation that made the face-to-face NCSC course such a success.

How do I book the course?

The Social Engineering Awareness Course is available for organisations to train their staff with a minimum number of 10 seats. Contact us today to arrange a call and get a demo.

Take control of your cyber security and contact us now...
