Could your organisation handle a real-life cybersecurity incident?

If you conduct regular security testing and reviews, your organisation is heading in the right direction in terms of cybersecurity strategy. But have you considered scenario-based testing including red teaming and social engineering.

Our technical consultants take pride in our multi-layered approaches to testing the physical security of your buildings, networks and applications. Using a mixture of our security knowledge and skills, we can design a bespoke scenario-based exercises and simulations to test the protection of the assets you value most in your organisation.

Red Teaming

Real hackers don’t stick to a scope. Our red teaming service combines a number of test strategies and techniques in order to gain access to pre-defined information assets. These may include targeted web application attacks, war dialling and driving, social engineering and specialised malware. Our methodology involves:

  • Risk Assessment – working with your organisation’s security and risk teams to identify your key information assets and threat actors
  • Scenario Creation – devising a number of attack scenarios, each with unique targets and testing techniques
  • Testing – conducting tests over an extended period of time to verify your company’s ability to manage an attack
  • Configuration Review – reviewing the access point configuration in order to identify any deviations from best practice
  • Analysis and Report – detailing the business impact of our tests and identifying high-level gaps in order to provide management with insight into areas requiring improvement, alongside a technical report providing more detailed risk, vulnerability and remediation advice
Contact Us

Social Engineering

How ‘cybersecurity aware’ are your employees? IRM’s social engineering service is designed to identify shortfalls in employee security awareness and physical security, provide actionable remediation advice to combat the threat of malicious attackers and ultimately reduce the risk of employee-related security breaches. Our methodology involves:

  • Elicitation – obtaining sensitive and useful information from employees to use to attack the organisation
  • Pretexting – impersonating other members of your organisation, or persons of authority, in order to access sensitive areas of a building or coerce employees into performing actions to the benefit of the attack
  • Psychological principles – deploying psychological principles to create a successful attack including micro expressions, rapport building and manipulation.
  • Infiltration and attack – infiltrating a target building, identifying weaknesses in physical security access controls and employee security awareness
  • Analysis and Report – producing an executive report with a clear narrative of actions taken, the business impact of those actions and recommendations
Contact Us