Social Engineering Academy (SENG).
Protect your organisation from social engineering attacks.
WHAT WE DO
What is the SENG Academy?
SENG Academy (or Social Engineering Academy) is an innovative solution to harden your organisation’s defences against social engineering attacks. Social engineering is the act of manipulating your staff to unwittingly transfer money out of your organisation, install malware on your computers, leak sensitive information, or perform some other action that they wouldn’t otherwise do.
For example, an attacker could spoof your colleague’s email address and send emails from their address. A photograph attached to an email could contain malware, and the simple act of clicking on a link can allow an attacker to hijack your web browser.
Until now, social engineering has been almost impossible to defend against. But with our exclusive SENG Academy, we’re leading the fightback against cybercriminals.
Our SENG Academy has three components:
- An e-learning platform containing online training for your team.
- Simulated social engineering attacks, where our team will identify and fix weaknesses in your defences.
- Regular OSINT reviews, where we identify sensitive information about your business floating around the internet and attempt to remove it.
Why are attacks using social engineering so dangerous?
90% of cyberattacks begin with some form of social engineering.
Statistically, it’s highly likely that at some point one of your team members will fall victim to a social engineering attack. Social engineering attacks are often used as a springboard for more dangerous attacks, including ransomware, data leaks, and financial theft.
75% of organisations worldwide were victims of social engineering attacks last year.
From an attacker’s standpoint, social engineering is a perfect crime. It’s lucrative, relatively easy to perform, and perpetrators rarely get caught. Thus, social engineering attacks are soaring, with a recent study revealing three-quarters of companies worldwide were victims in 2020.
Social engineering attacks can be incredibly difficult to defend against.
The sheer volume of techniques that cybercriminals can use to target your colleagues is one of the reasons why social engineering is so hard to defend against. Despite technological advances in cybersecurity, social engineering has been almost impossible to fully remediate.
What's included in the SENG Academy?
Our SENG Academy offers a triad of mitigations against social engineering attacks. Through experience, we’ve found that whilst it remains crucial, staff training alone isn’t enough to prevent social engineering attacks. Instead, a combination of OSINT reviews, attack simulations, and online training is the most effective defence against social engineering.
Our team of ethical hackers will create both broad and targeted phishing campaigns consisting of emails, phone calls, and even in-person visits where appropriate. We’ll then send out a variety of phishing emails, SMS messages, and phone calls to your colleagues.
Some of the phishing campaigns we send will be simple and should be easy for your colleagues to detect. Others will be highly sophisticated and target key decision makers in your organisation. Our goal is to identify how well your team detects social engineering attacks, how they respond, and to uncover any unmet training needs.
The simulation will generate valuable data and statistics on how many of your colleagues fell victim to our simulated attacks, from which departments of your organisation, and when. The data gathered from our simulation will be dynamically updated on your client portal, allowing you to detect the types of attacks that succeeded and identify previously unknown weak points in your organisation that require increased security.
Rest assured, no malware will be installed on your computer systems when carrying out our simulated attack, and the details of your staff members will be kept strictly confidential. Our approach is specifically designed to educate your team without embarrassing them if and when they fall victim to our phishing attempts.
Your team will be given accounts to our e-learning portal upon joining the SENG Academy. Our online courses have been prepared and delivered by security experts, and through a combination of video content, written articles, and quizzes, your team will be able to detect and prevent up to 95% of social engineering attacks.
Our e-learning courses are regularly updated to reflect the changing threat landscape, and each module is delivered by an engaging presenter with relevant experience on cybersecurity’s front line. We like to keep each of our modules short, sharp, and focused to maximise engagement and retention. Finally, you’ll be able to track which modules each team member has completed through your client portal, and each participant will receive a certificate of completion.
Your team will learn:
- The fundamentals of security, including the principles of authentication, authorisation, confidentiality, integrity, and non-repudiation.
- The threat landscape: who is attacking your organisation, what is their motive, and how can you detect their presence?
- You’ll see the exact process hackers use to create malware, attach it to emails, and penetrate your computer systems.
- How to detect spoofed emails and SMS messages. Spoofing is the act of a cybercriminal impersonating someone else in your organisation. For example, a hacker could impersonate your finance director and email someone from your organisation using their email address.
- Checking the hash sums of files downloaded on the internet to verify their integrity.
- Implementing best practices for identifying and responding to social engineering attacks.
- How to remove metadata from files, and why it’s important for security.
- Creating an information disclosure strategy and mitigating against OSINT gathering.
- +12 more modules.
The first step in any successful phishing campaign is OSINT, otherwise known as open-source intelligence. Cybercriminals will often heavily research your organisation’s website, social media channels, and online footprint before launching an attack. Even the simple act of uploading an image to your website can be enough for hackers to pinpoint the exact coordinates of where the photograph was taken!
Therefore, regular OSINT reviews are a crucial element of our SENG Academy. Through the use of automated tools and manual investigations, our experts will collect publicly exposed information about your organisation, reduce the amount of sensitive information about you floating around the internet, and help you to create information disclosure policies for your staff.
Our simple four-step process.
Free consultation with our security experts.
Our initial meeting presents an opportunity to identify threats facing your organisation and plan our assessment accordingly.
We'll plan our assessment and seek your approval.
You’ll be required to sign our statement of work agreement, which outlines what we can and cannot do during the test.
Receive real-time reports through your client portal.
Once our assessment begins, you’ll receive real-time feedback on the vulnerabilities we discover in your systems.
We'll help you to remediate vulnerabilities.
Finally, our team of consultants will help you remediate the vulnerabilities we identified during the assessment.
Let's work together to secure your assets.
There’s no harm in talking. Drop us a line or give us a call and we’ll get back to you as soon as we can.