Should social engineering be a part of penetration testing?

By Paul Kubler

The question of whether social engineering should be part of pen testing is often asked, and it is not an easy one to answer.

Here at CYBRI we recommend tackling the challenges of user education and awareness of social engineering attacks with a multifaceted approach.

Every organization should conduct regular phishing exercises outside of pen testing.

During a pen test, or red team engagement, a more thorough and targeted social engineering campaign should take place.

Why do hackers use social engineering?

Before diving deeper into social engineering pen testing, it is important to understand why hackers use social engineering.

Social engineering is one of the most effective ways of bypassing defenses.

This can be technical, like a phishing email carrying malware, or non-technical, like piggybacking on an employee.

Piggybacking is where an attacker follows an employee closely enough to get past entry barriers, catching the door before it closes fully.

Most commonly we see phishing emails as the main and most effective vector into an organization. Firewalls that are set up right are difficult to get through, but getting an employee to click a link in a fake email is not.

The attackers will spend time researching their targets to create custom emails to ensure their efficacy.

What is social engineering penetration testing?

Social engineering penetration testing is where a pen test includes a social engineering component or pen testers are tasked with a specific social engineering project.

This differs from the regular social engineering testing a company may do, namely phishing tests. The focus is a much more tailored attack, to best gauge an APT's ability to get in.

The pen testers or red teamers will create a very small focused campaign to just target a few users.

This includes research about them and their roles, who they are connected to, and what they are interested in. It will then aim to steal credentials, sneak in a malicious payload, or obtain sensitive data.

It may also include phone calls, USB drops, or other forms of social engineering combined for maximum effectiveness.

Depending on the engagement, it may be done during the full pen test, giving the testers a way in or more data to work with.
