The aftermath of a social engineering pentest. - Are we being ethically responsible?

  • Published 10 Oct 2023
  • Over the years, pen-testing humans by leveraging social engineering techniques has become increasingly important to many organizations. While many focus on the performance of a social engineering engagement, fewer deal with the post-engagement process. How are the results handled? How does a target feel afterward knowing they have been duped, and who is helping them overcome adversarial feelings in the wake of a test?
    A social engineering pentest puts humans, and not systems as seen in technical pentests, to the test. By doing so, the people affected can feel they have failed as humans and not just failed professionally. Distress, psychological strain, and self-blame are just some of the factors that can affect a human not being treated correctly in the aftermath of a pentest. When are we doing it right, and when are we doing it wrong? Is there a right or wrong way?
    This presentation seeks to highlight the possible pitfalls in handling the aftermath of social engineering engagements and explores various challenges and proposed solutions to problems that may arise for companies both conducting the tests and those that order them.
    SANS Security Awareness: Managing Human Risk Summit 2023
    Speaker: Ragnhild “Bridget” Sageng, Senior Security Advisor, Norwegian Customs
    View upcoming Summits: www.sans.org/u/DuS
