What is “social engineering” penetration testing methodology?
In his latest video, Mike continues his series on comparing penetration testing services, by explaining social engineering methodology. He defines this pen testing method and gives several examples of what vendors can do to help your company’s cybersecurity.
Want Mike’s recommendations on the best penetration testing companies that your organization should be quoting? Click below and ask him today.
About Mike
Mike Smith is the Founder and President of AeroCom and has been helping companies with telecom and cloud services since 1999. He has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in Orange County, CA., under 40 years old. You can also hear him as the host of the popular Information Technology podcast, ITsmiths with Mike Smith. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.
Transcript
Your company is shopping for penetration testing, or maybe you’re looking to do it yourselves internally and you’re wondering, “Where do we start?” Well, a few things.
So, number one, you might want to watch some of my previous videos on where I think penetration testing falls in the scope of things. I feel it’s really something you do at the end of your cybersecurity preparedness plan, but watch that video I have on that.
Also, watch the videos on black box testing, white box testing, and gray box testing, that might help you give you some perspectives there.
Today, I wanted to talk to you about social engineering penetration testing and how it compares to the other three categories that I think penetration testing has, which are external, internal, and also physical security. So, those are the four different categories of penetration testing I think there are, and really quick, I wanted to make this quick video on what’s included in social engineering penetration testing.
Want some quick recommendations?
But before I get started, really quick, if you want to know which penetration testing vendors are the best fit for your company that you should be quoting, don’t Google it, just reach out and contact me on email or by phone (714.593.0011). More information on that at the end of the video.
What is Social Engineering?
So, in the meantime, what is social engineering penetration testing? What this is, is this is when a penetration tester goes around and tries to find your employees information out there on the web, like for instance emails. Are there emails floating around from your organization on the dark web? Are there things from your company that are floating around on social media that shouldn’t be there? They really look into that and dive into all the different ways your company’s information might be on the internet where it’s not supposed to be.
They also might do some things to penetration test, like send out simulated phishing attacks to see if people in your organization are likely to click on things that they shouldn’t click on. They could also call your company and see if people will easily give out sensitive information that they shouldn’t be giving out by just a couple quick questions from a penetration tester.
So, they’ll do all kinds of little sneaky things and tricky things like that. I’ve even heard of penetration testing companies leaving a thumb drive in the parking lot that says things like executive salary files and see if anybody picks that up and plugs it into one of their computers. So things like that, just different ways to test to see if your organization or if your employees, especially are doing things socially that would hurt your organization’s cybersecurity. So, that’s what I consider social engineering penetration testing and how that’s different from external versus internal testing versus physical security.
I hope that was helpful. Make sure you watch my other videos on the other categories.
More questions on pen testing vendors?
And again, if you want to know which penetration testing companies your organization should be quoting, don’t search for it on the internet. You’ll be searching for hours wasting a lot of your time. There’s way too many companies out there and you’ll probably still end up with the wrong ones. Instead, just reach out to me, on email or by phone (714.593.0011). This is my job. I’m a broker for all these companies, and I know all the major players and based on a few questions, I can tell you which companies you should be quoting and why.
The nice thing is, is I don’t charge you a dime for my broker services. So, there’s no reason not to at least reach out, contact me, I’ll hook you up with the right people at these companies and get you some great quotes.
Hope that was helpful. If so, don’t forget to hit the like button and also subscribe to the channel and I’ll see you on the next video.
Related Content
Penetration Testing Services Comparison: What should your report look like?
When you're comparing penetration testing services for your organization, what should the final report […]
Penetration Test vs. Vulnerability Scan: What is the difference?
What is the difference between a penetration test and vulnerability scan, for cybersecurity?
In the […]
Penetration Testing Services Comparison: What is Physical Security pen testing methodology?
What is physical security penetration testing methodology?
In the video below, Mike continues his video […]
Penetration Testing Services Comparison: What is Internal Penetration Testing?
What is "Internal" Penetration Testing?
In the video below, Mike continues his video series on […]
Penetration Testing Services Comparison: What is an External Pen Test?
What is an external pen test?
In the video below, Mike continues his video series on penetration testing […]
Penetration Testing Services Comparison: Gray Box
When comparing penetration testing services, it's important to understand gray box testing, and how it's […]