Human Risk Management
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating the risks employees pose to an organization. With over 80% of breaches stemming from human error, HRM is a critical component of any cybersecurity strategy.
Social engineering (SE) involves manipulating individuals into actions that compromise security or privacy. These attacks are increasingly common and take many forms, but all of them exploit human behaviour rather than technical weaknesses.
An effective HRM program incorporates key elements such as security awareness training, clear policy implementation and enforcement, and ongoing monitoring and evaluation.
Our Cybersecurity Awareness Training and Managed Phishing Simulation equip your team with the knowledge and tools needed to understand their risks and effectively defend against threat actors.
- Phishing: Sending fraudulent emails that appear to come from legitimate sources, tricking recipients into clicking malicious links or providing sensitive information.
- Spear Phishing: Targeting specific individuals or organizations with personalized phishing emails to increase credibility and likelihood of success.
- Vishing (Voice Phishing): Using phone calls to impersonate trusted entities (e.g., IT support, banks) and trick victims into revealing sensitive information like passwords or account details.
- Smishing (SMS Phishing): Sending fraudulent text messages designed to lure victims into clicking malicious links or sharing personal information.
- Baiting: Leaving physical media (e.g., USB drives) infected with malware in conspicuous locations, hoping someone will plug them into a computer.
- Pretexting: Creating a fabricated scenario to trick individuals into sharing information or performing actions, such as posing as a colleague or authority figure.
- Impersonation: Physically or digitally pretending to be someone else, like a repair technician or senior executive, to gain unauthorized access.
- Tailgating (or Piggybacking): Gaining physical access to a secure area by following an authorized individual closely, often relying on politeness to avoid questioning.
- Quid Pro Quo: Offering something in exchange for information or access, such as pretending to provide free IT support in return for login credentials.
- Watering Hole Attacks: Compromising websites frequently visited by a target group to infect visitors’ systems or steal information.
- Dumpster Diving: Searching through discarded documents or hardware for sensitive information that can be used in an attack.
- Shoulder Surfing: Observing someone’s screen or keyboard to capture login credentials or sensitive data.