Identify the vulnerabilities that open your business up to cyber threats.
Prioritise your cyber security response and budget according to the weaknesses you have and how easily they could be exploited by attackers.
What is an Social Engineering Vulnerability Assessment (SEVA)?
Vulnerabilities are defects that require some sort of remedial action. Once a vulnerability is discovered it is only a matter of time before attackers can take advantage of it. The Social Engineering Vulnerability Assessment (SEVA) looks at your organisation’s online footprint and human security, looking for vulnerabilities that could be exploited in a social engineering attack. We explain in plain English what information we have found, how an attacker could use it against you and what you need to do to eliminate or minimise the risk.
A Social Engineering Vulnerability Assessment is not as offensive and involved as a full Social Engineering Penetration test. It is therefore perfect for organisations wishing to identify and remedy potential vulnerabilities but do not wish to have a thorough test of their exposure to social engineering , or who wish to conduct enhanced assessments between penetration tests.
Why have a Social Engineering Vulnerability Assessment?
Open Source Intelligence
What can we find out about you and your staff online? How would an attacker use this? Is your online footprint too large?
We collect & analyse Open Source Intelligence (OSINT) to mount a convincing attack.
Some of the sources we look at include:
• Corporate website & job adverts
• Document & photo metadata
• Reverse image searches
• Email addresses & enumeration
• Social media, blogs, vlogs
• planning office data
• Geolocation data
Email attacks can be easy to spot or sophisticated & targeted. Email is the biggest attack vector being used. Can your staff spot them?
We test employees against 2 levels of phishing attack (an easy one with lots of clues & mistakes & a harder to spot spear phishing attack). This tells us what level of security awareness your staff have.
You can decide whether to use links, attachments or the input of login credentials for the test.
We work with your I.T team to measure the click rate and the reporting rate coming back from your staff. Both are used to calculate the final score for this part of the test.