The key people in your organisation are incredibly attractive prospects to cyber criminals.
Anyone with sensitive institutional knowledge, significant network access privileges or exposure to corporate secrets represents a highly lucrative opportunity.
Quite simply, the more you know, the more at risk you are.
The Personnel Target Pack identifies the digital footprints your key personnel leave behind and the degree to which they can be exploited.
Every day your key people leave behind footprints based on their online behaviours that are potentially exploitable by attackers, such as:
However innocuous these footprints may seem individually, cumulatively they represent a serious organisational vulnerability.
The Personnel Target Pack identifies the digital footprints that your key personnel leave behind and the degree to which they can be exploited.
Locating these digital footprints reveals elements of your attack surface that are highly likely to be targeted. Broadly, the main elements of your attack surface fall into three categories: Infrastructure, Software, Human. The Personnel Target Pack contains individual attack surface reports for each of the targets, as well as a comprehensive overview that combines these individual risks into an overall threat assessment.
Internal network infrastructure, outsourced / externally managed systems, end user devices, etc.
Applications and tools available to users: email services, databases, web services, mobile applications, SaaS, etc.
Professional Profiles: roles, responsibilities and privileged accesses.
Personal Profile: contact details and social media presence.
We investigate pre-agreed individuals, leveraging accompanying information supplied by you. This is ideally suited to simulate the behaviour of attackers which have inside knowledge of your organisational structure.
We come in blind, simulating the behaviour of an external attacker. We will choose individual targets and their associated attack vectors based on our own non-intrusive intelligence gathering techniques.
A blended approach that fuses blind, black box reconnaissance with a number of client-provided individuals.