NTT Security expands suite of phishing attack simulation services

NTT Security is expanding its suite of phishing attack simulation services with the use of special social engineering techniques to check whether senior executives pose a security risk.

The ’Management Hack’ service is specifically designed with C-level executives in mind, such as the CEO, CFO or even CIO. Cyber criminals are increasingly attracted to this level within an organisation as senior executives are more likely to have unrestricted access to highly confidential company data, including financial information, which makes them a valuable target. Senior executives also benefit from special privileges, with security policies or standards suspended or relaxed for example to simplify login – often with fatal consequences.

NTT Security will first coordinate with the client – typically a CISO or the Head of IT – and simulated, personalised social engineering attacks are then carried out, with the individuals involved unaware they are being targeted. NTT Security then analyses how executives respond, identifies specific weaknesses, and recommends appropriate measures, such as security awareness training.

NTT Security’s Management Hack service includes verification of IT security, physical security (property protection) and human error analysis. Using social engineering techniques, such as phishing and personalised spear phishing combined with malware or brute force attacks on passwords, a simulated attack involves a five-step approach:

  1. Building a phishing website that simulates a customer or a website known to the customer
  2. Designing a phishing e-mail that leads to the phishing website
  3. Sending the phishing emails to the client’s senior management
  4. Intercepting login information or other sensitive information
  5. Producing a detailed report with statistics on the current security situation and measures to improve a company’s security posture.

A number of management hacks have been carried out by NTT Security in Scandinavia already with surprising results. Kai Grunwitz, Senior VP EMEA, NTT Security explains. “In many cases, we were able to access critical data, such as confidential business plans, mergers & acquisitions documents, domain controllers, usernames and passwords, in just 10 minutes.”

NTT Security’s new service is aimed at increasing security awareness at the executive and senior management level, but also in helping to establish a strong security culture across the entire organisation. “Our initial projects have shown that there is a need for action on the part of the company involved,” adds Kai Grunwitz. “It seems the degree of maturity in terms of cybersecurity at the senior management level is still relatively low.”

Once a simulation attack is completed, NTT Security analyses the results together with the client in workshops. NTT Security can then work with the company to help design and implement a comprehensive company-wide security strategy, which incorporates the management level, and will protect against real-life social engineering attacks in the future.

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services