Bishop Fox, a US offensive security company, expanded its Social Engineering testing services to simulate complex, multistage, and multilayer adversarial attacks, provide detailed results and actionable guidance for improvement, and allow internal teams to observe the entire process from OSINT to attack execution.
Since Social Engineering is arguably the most impactful and weakest link in security programs, Bishop Fox designed their new services to expose every aspect and angle of attack tactics, techniques and procedures to users and security teams. This ensures full understanding of both what is possible and what is probable, according to the company.
Bishop Fox's new Social Engineering services include:
- True Social Engineering adversary emulation: activities are flexible and crafted to each organization’s unique context and environment, including logistics, user targeting/OSINT, pretext/payload development, and more.
- Full reporting of human vulnerabilities: in-depth, post engagement reporting demonstrably improves user awareness and security culture, with reports providing detailed breakdowns of attack narratives and actions, defensive performance, and results against target objectives.
- Security team “Ride Along”: internal practitioners have the ability to observe and monitor the full attack process and effects as they play out – with the ability to adjust activities to make sure they are effective, but also sensitive to a proper workforce balance.
“An attacker will look for and exploit any opportunity presented to them, and an endless amount of industry data and evidence underscores the rampant opportunity presented by a disparate and unsuspecting employee population,” Bishop Fox Red Team practice lead Trevin Edgeworth said.
The 2022 World Economic Forum’s Global Risks Report estimates 95% of all cyber-attacks involve human error, according to Bishop Fox, and Gartner reports that although 90% of cybersecurity functions have a user security awareness program, 69% of employees admit to intentionally bypassing their organization’s guidance. The issue is exacerbated by the fact that awareness programs – from “lunch and learns” and training materials, to automated phishing campaigns – not only miss the mark but also fail to adequately educate organizations about their largest exposures or provide evidence of downstream impact to inform security programs at large, the company added.
Founded in 2005, Arizona-headquartered Bishop Fox provides solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. The company has worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security, according to its website.