Physical Social Engineering

Physical employee awareness

Physical Penetration Testing

Minatio's Social Engineering Physical Penetration Test reviews and evaluates user awareness of specific information security policies and procedures.


The primary goals of this social engineering assessment are to:

  • Create a basis for future decisions regarding information security strategy and resource allocation.
  • Provide management with an understanding of the level of risk introduced by end users.
  • Provide recommendations and details to facilitate a cost-effective and targeted mitigation approach.


Why perform a social engineering physical penetration test?

  • To identify which physical location is most vulnerable to social engineering.
  • To measure employees' awareness and understanding of your information security policies.
  • To evaluate how your organization compares to other companies.
  • To assess how easily physical security controls can be bypassed.
  • To evaluate how effective your information security training and awareness program is.
  • Performing these tests on a regular basis also helps address specific regulatory requirements, such as PCI DSS.

Physical Penetration Testing Scope

Minatio can conduct social engineering tests at your business site. Techniques include but are not limited to:

  • USB drives, memory sticks, thumb drives or similar devices are distributed anonymously to ascertain whether employees use them on company resources.
  • Users can be engaged in tests by our consultants to satisfy, or highlight issues with, specific information security policies, e.g. phone calls to employees by consultants posing as staff in an attempt to obtain confidential information.
  • Various methods can be used to test employee website and email security awareness and adherence.

The socially engineered attacks in scope are selected based upon the specific needs and requirements of your business.

Methodology:

Penetration Testing: Physical

The process starts by defining the scenarios to be tested, selecting the locations to be targeted and coordinating the actual test with our client. For Physical Social Engineering, a variety of scenarios can be tested, from attempting unauthorized access at one or more locations to interacting with staff and testing documented IT policies.

For Portable Media Social Engineering, Minatio installs a small piece of software on the distributed device. Once a user plugs the device into their system, the software automatically connects to our secure servers and notifies us who plugged in the device, along with a variety of other system details. While this test does not impact the user's system, the same scenario is commonly used by attackers to compromise end users.