Security Awareness Presentations
Security Awareness Presentations
Organizations are increasingly dependent on their digital infrastructure, exposing them to various risks on a daily basis.
However, you are also at risk from cyber-related incidents in the physical world.
For example, criminals may enter your office premises and, during their visit, obtain sensitive information, break into computer systems or commit (intellectual) theft.
In doing so, they use advanced social engineering techniques, exploiting vulnerabilities in physical security.
A mystery visit provides a realistic picture of the extent to which your organization is resilient to this attack technique.
A mystery guest visit examines the physical security of your organization. This is done in a creative and well-prepared manner.
Our social ethical hackers unobtrusively visit your organization without being announced to the employees.
During this visit, they pose as a customer, employee (from another location) or an external service such as a mechanic.
The extent to which employees are vigilant in noticing individuals they have not seen before is measured. In addition, the security of a facility or system is tested. In this way, potential security problems are identified and the effectiveness of security policies and procedures is assessed.
Prevent financial and reputational damage
During a mystery guest visit, the goal of the research is always discussed with the client.
With this goal as a starting point, several research questions are drawn up that are answered during the mystery guest visit.
At the end of the investigation, the mystery guests report the findings which are conveniently displayed in a pictorial report.
This report also includes advice that is consistent with the findings. Listed below are some research questions that may be asked during a mystery guest visit.
- Is it possible to gain access to a property or (server) room?
- Can the network and servers be accessed and digital systems broken into?
- Are critical systems and areas adequately shielded?
- Do your employees know how to act if they find unknown persons on the premises?
- Is it possible to bypass physical security?
- Are security mechanisms such as turnstile gates and pass readers in place?
- Is a clean desk policy used and confidential company information removed from desks?
- Are the computer screens locked?
- Can passwords and login credentials be extracted?
- Is trash properly destroyed and what kind of information can be retrieved from the trash?
The results of these studies are often surprisingly effective and almost always successful. During a mystery guest visit a preliminary survey (OSINT) is always performed, mapping the location and capabilities including the devices used. In addition, consider the energy supplier or building managers. During a mystery guest can also leave spyware, malware and/or(hard)ware left behind be left behind. Read more about this in the next section on USB dropping.
Become resilient against the most common technique used by cybercriminals
Become resilient against the most common technique used by cybercriminals