Technical assessments are extremely useful for locating vulnerabilities within an organisation’s cyber security measures. From here, solutions can be offered to close these gaps in security and improve the cyber security efforts considerably.
Those testing for technical vulnerabilities are known as penetration testers (pen testers), or ethical hackers. They will be hired by a company to effectively ‘break in’ to the networks and systems of an organisation. Working in much the same way a cyber criminal would, the ethical hackers simulate an attack, identifying vulnerabilities. These vulnerabilities, discovered before a cyber criminal has been able to exploit them, can then be reported back to the company. Pen testers will also recommend mitigations to reduce the vulnerabilities and therefore the risk of a real cyber attack. Some cyber security professionals will carry out Red Team Assessments, which often encompass social engineering assessments as well as technical vulnerabilities.
It is clear that security flaws are not always technical, but also sometimes human or physical. With that in mind, it can be very important to test all aspects of an organisation’s cyber security. Understanding if and how employees may be susceptible to social engineering tactics can be useful in working out how to reduce this risk. Red Team assessments will usually involve some form of social engineering, employing ethical social engineers to carry out attacks. This may involve impersonating someone in the company to gain access to buildings, passwords or files, or it may take the form of spear-phishing emails or texts. Testing the physical barriers to a company might again be carried out through impersonation, or by planting rogue access points which can be used to expose data. Whether by forging ways in physically or by sending malware-infected emails, ethical social engineers can highlight areas of vulnerability in the human and physical aspects of security. Again, these can then be mitigated through the recommendations offered, making the company more secure.