top of page

Cyber Investigations

7 measures of online behaviour.jpg
book2-digitfoot-social-footprint-anshull
Phishing.webp
man_suit_mask_impersonation_ss.jpg

Often seen as the 'weakest link', people can be an organisation's strongest assets in the ongoing battle against cyber criminals

​

An integral part of Synovum Cyber Security's operational services to its clients, Human Red Team (HRT) specialises in the human side of security.

​

HRT provides services related to open-source and social media intelligence, together with social engineering education and related specialist services.

​

All of HRT's consultants have trained with industry leading organisations in the use of OSINT gathering and analysis tools and techniques, and have been formally certified in this area. 

 

In addition, some members of the team have been both trained and certified in specialist practical social engineering tools and techniques, covering such areas as target reconnaissance, impersonation, phishing and vishing, together with the all important area of report writing.

​

Synovum offers a number of different services in this area:

  • Pre-employment Social Media Assessment

    • ​We can work with your organisation to carry out an assessment (based on publicly available information) of a potential employee's online social media footprint, which can be used to determine whether they are a suitable fit for the organisation.

    • ​Our assessment process is based on the 7 key measures of online behaviour, namely social networks, professional networks, news sites, online blogs, personal listings, e-commerce and general online searches

​

  • C-Suite & HNWI Footprint Assessment

    • There have been many examples where a member of an organisation's C-suite, a high-net worth individual (HNWI), or their supporting personnel (executive/personnel assistants) have been targeted by adversaries for attacks.

    • In many cases these have been based on successful acquisition of information gained during an online reconnaissance phase and used to spoof emails or phone calls and ultimately gain access (often in combination with technically-based attacks) to privileged or proprietary information.​

    • We can carry out a thorough review of both individual and organisational online footprints, based on publicly available information and utilisation of multiple industry tools. 

    • ​Following subsequent analysis of the information discovered a comprehensive report will be produced, documenting potential social engineering-related threat vectors, together with recommendations to minimise potentially sensitive information being made publicly available to adversaries which could be used for malicious intent.

​​

  • Phishing, Vishing and SMShing Simulations

    • Business Email Compromise (BEC) is a scam often against organisations that often transfer  money between organisational element or to suppliers.  BEC can result in potential financial losses in the hundreds of thousands of whichever currency is in use by the organisation. 

    • Phishing emails are often used to obtain credentials for account logins, whether it be email, website login or social media account.

    • ​​​Both vishing and SMShing are similar attacks to phishing, the difference being that the attack is initiated through a phone call or SMS message.  

    • ​We can work with your organisation to identify the risk from phishing, vishing, and SMShing attacks through analysis of current business activities, running simulations to test awareness, and implement multiple measures to mitigate the risk from these types of attack.

 

  • Social Engineering Audit

    • Targets for social engineering attacks are often those who are likely to have the most contact with people both inside and outside of an organisation.    These people are often the first hurdle when trying to exploit an organisation, and should therefore be aware of the risk to themselves and their organisation, receiving additional  training as necessary to mitigate a risk of a 'people hack'.  

    • A social engineering audit encompasses many of our services: 

      • Initial organisational and/or personal reconnaissance as appropriate (both offline and online);

      • Profile analysis;

      • Creation of appropriate pretexts (a fabricated scenario/situations used for exploitation efforts);

      • Attempts at target exploitation. 

    • Our audit can highlight areas of potential weakness from a people perspective and show areas for subsequent improvement, to reduce the risk to an organisation and its employees.

 

All research and social-engineering related activities are carried out by experienced and certified OSINT analysts and certified social engineering practitioners using industry best-practice methodologies and processes. 

 

No account passwords are required to carry out assessment processes.  Once a report has been delivered to the client and following receipt of confirmation that it has been successfully received, all copies are removed from our systems within 30 days.

​

Please contact us for more information regarding your cyber investigation requirements. 

bottom of page