Social Engineering, or Pretexting, is a widely used attack vendor used by hackers to attempt to abuse the natural trust that employees have in certain kinds of communications such as email, phone calls, and in-person meetings. These attacks may blatantly ask users to provide their computer network credentials, execute software, or simply build up over time to a large scale attack, abusing the trust that builds as people interact with one another.
Confidence™ allows CIO and CSO-level executives to establish a baseline against other organizations in their industry, identify weaknesses in security awareness training and immediately train offending employees. The service includes:
- An online web portal for tracking targets and the results of all forms of social engineering events in real time, including the effectiveness of each test and the ability to track whether or not the event was reported to security personnel
- In-depth reporting on the effectiveness of social engineering events and training for regulatory and internal-use purposes
- Reporting on the effectiveness of training for employees that are retested in later assessments
- Immediate response to employees that fail a test, providing them with key information for identifying attacks and resources for additional information
- Linking to HR data for analysis
- Optional regular onsite training and security awareness training for employees