
Comprehensive Security Awareness Assessment

Most organizations have a security awareness program in place. However, those programs are seldom put to the test. A Security Awareness Assessment helps organizations with an existing program answer questions such as:

  • How effective are our security awareness program and campaigns?
  • What areas do we need to focus on during our next campaign?
  • What gaps exist in our current program?

Our Assessment services methodology uses a range of techniques to assess your awareness program, including:

  • Interviews with key staff
  • Review of organizational goals and objectives
  • Review of risk assessment reports
  • Review of existing program design and implementation
  • Review of content and channels used for awareness
  • Phishing Assessment
  • USB Drop Attack Simulation
  • Knowledge Survey Assessment
  • Physical Security Assessment

The report produced by this exercise will help identify areas of strength, as well as areas where you need to improve.

Phishing Assessment

What is Phishing?

Phishing is the attempt to obtain sensitive information by posing as a trustworthy entity in an electronic communication. Phishing attacks usually attempt to steal passwords, credit card info, and other valuable user information for malicious purposes, such as selling that information to a third party or using it directly to gain access to bank accounts, confidential corporate documents, and critical business information.

How can we help you?

Phishing attacks have increased by 250%. In a recent survey, 85% of companies reported that they had fallen victim to phishing attacks. Why wait for an attack to target your organization to determine its resilience to phishing attacks?

Our experts use our ExceedPhish™ platform to conduct a realistic phishing simulation. The simulation imitates a typical phishing campaign targeting employees within your company. It can also be used for spear phishing. Detailed reports that outline the results of the phishing simulation will be provided to executives.

Baiting Attacks: USB Drop Attack Assessment

Baiting attacks, a social engineering technique, have been successfully used to compromise organizations large and small throughout the world.

So where do USB sticks factor in? People will pick up USB sticks and plug them into their computers. From there, many operating systems will auto-run content on the USB stick, which will then infect the computer with malware and give attackers a direct foothold in your internal network, bypassing your expensive layered defenses!

During our USB drop attack simulation, we provide customers with specially prepared USB sticks to be dropped at pre-determined locations at customer premises. We’ll use our ExceedPhish™ platform to measure how many users insert and run content off random USB sticks. Results will be presented through our ExceedPhish™ platform, providing insight into users’ awareness and their adherence to company policies.

Knowledge Survey Assessment

Security Fist will use the Survey option built into the ExceedLMS™ platform to assess users’ knowledge and awareness through our carefully prepared assessment questions. These questions will be used to provide reports on areas of weakness and strength in the organization’s overall security awareness and to help provide proper training based on each person’s results.

Physical Security Assessment

Physical security is still of paramount importance to your overall security. If an attacker can breach your physical security and gain access to the hardware that contains your data, they are that much better placed to obtain that data for their own malicious purposes. A good cyber defense is built on a solid foundation of physical security.

During the physical security assessment, Security Fist will engage a trusted friend/colleague/employee or vendor to attempt to gain access to your facility without pre-announcing them. Security Fist will have them attempt to leverage human kindness to gain physical access in the following ways:

• Following another employee inside the building through a secure access point.

• Stating that they forgot their access credentials.

• Catching a door as an employee leaves the facility.

• Other scenarios.