Online Exposure Assessment

– Social Media Profiling
– Corporate Profiling
– Finding Employee Email Addresses
– Technical Information

What We Do

An Online Exposure Assessment will provide you with an understanding of your organisation’s information exposure. We will show you the type and amount of information that is publicly available about your organisation and how it could be used by an attacker to gain access to your corporate infrastructure.

When targeting a specific organisation, attackers will spend considerable time and effort gathering information that will aid them in an attack. This information is typically gathered from open sources on the internet such as forums, job postings, social networking sites and the company’s own websites.

How We Do It

There are a number of tools and techniques that we use to find information about you. Search engines provide access to a vast amount of information and we use a variety of these to find as much information as possible.

Social media websites provide employee information. LinkedIn and Facebook are the key social media platforms; however, other professional websites that are more specific to your business will also be searched.

We will also download documents available on the internet that were created by your staff. Information relating to the type of software (and version numbers) used to create the documents, usernames and author names could be used by attackers to launch a targeted spear phishing attack.

In summary, the following information will be gathered:
– Your organisation’s email addresses (for potential spear phishing attacks)
– Corporate profile
– Information relating to physical corporate locations (e.g. floor plans)
– Technical information relating to your organisation’s IT infrastructure

What You Get

You’ll receive a report containing the information collected, categorised into corporate, technical and employee information, together with the sources.

The Security Bureau will devise attack scenarios where the information gathered could be used, such as a spear phishing campaign or a physical security attack on one of your offices.