How Does it Work?
Prior to commencement of the service your BlackBerry Cybersecurity consultant will work with you to define testing scope and acceptable level of invasiveness and disruption. The time scale, number of exercises and targets will also be agreed upon.
Simulated attacks may be delivered in multiple formats:
- Social vectors
- Physical assessments
The result will be a full understanding of your organization’s defences and will take into account your security culture and readiness as a whole.
On-site Attacks and Testing
Unauthorized access can be gained by tailgating, cloning access cards, using a fake persona or exploiting weak security measures.
Once on-site, testers can attempt to gain access to the server room and look for further vulnerabilities.
A tester can attempt to gain access to physically unsecured documents that may reveal sensitive information.
If testers gain access to the internal network, they can assess and exploit network vulnerabilities.
Once a device is obtained, applications on the device can be exploited, and sensitive information can be revealed.
If source code of an application written by your organization can be obtained, a competitor could acquiring the same information.
Credit card sized PC’s can be hidden behind tower PCs or furniture to intercept and transmit data from an internal network over an SSH protocol.
Tiger scenarios provide real time, real life feedback in relation to how an organization would respond to a real time security threat.