It is widely accepted that humans are the weakest link in the cyber chain. The NEBRC offer a social engineering resilience exercise that breaks down into two separate stages, one off-site and the other on-site.
The off-site stage deals with direct communication in the form of emails, phone calls and other communication means. It also includes indirect attacks, such as phishing emails, phone calls and physical mail. The on-site stage can deal with an indirect approach, such as dropping USB drives at the building doorway or dumpster diving to obtain discarded assets or contractor details. It can also include a more direct alternative, including interaction with employees whilst adopting different personas (such as a delivery man, contractor or potential customer).
This test is integral to determining whether the right protocols are in place to counter these situations and, if they are, to testing their application and effectiveness. If a member of your staff found an unknown USB stick on their desk, would they plug it into their computer? This exercise lets you find out.