The integration of the Social Engineering protection method was developed by the scientific director of the Institute of Information Security, Academician Oleg Maltsev in 2018 after returning from New York. To optimize both the integration and the methodology itself, experts from the Criminological Research Center were involved.
Our course in Integration of the Defense Methodology against Social Engineering Attacks is a comprehensive training process designed to enhance the knowledge and skills of clients, who can be either individuals or companies (in which case the training is provided to employees). The goal of the integration course is to significantly reduce the likelihood of successful hacking of the client’s website or accounts by providing the necessary tools and knowledge to effectively defend against social engineering attacks (a type of attack in which an adversary tricks or manipulates a target individual or a target company’s employees into disclosing information or providing access which can be used for hostile purposes by the attacker).
The integration process includes the following steps:
1. Introduction: The first step is an introductory session explaining the methodology, its structure, and why it is effective. The purpose of this session is to provide an overview of the methodology and to preview the integration process.
2. Virtual lessons: After the introductory session, five online lessons with our experts are offered, using video chat. Each class covers one element of the methodology in detail and takes approximately 1–2 hours to complete. The video lessons are spread out over a fortnight to ensure sufficient absorption and understanding.
3. Case studies: In addition to the theoretical training, three assignments based on real-life case studies are offered. These are selected and designed to give clients the opportunity to apply the concepts learned in the theoretical lessons in practice. The case studies run concurrently with the theoretical lessons over the course of fourteen days.
4. Test hack: To test the effectiveness of the technique, an experiment is conducted. This involves experts seeking to obtain confidential information which should no longer be available if the methodology is applied. This allows clients to measure the vulnerability and risk of information leakage.
5. Summarizing: At the end of the integration process, a debriefing is held to answer any questions that arose during the process and to provide an overview of the results of the test hack, and any remaining vulnerabilities.
6. Consultation: After the culmination of the course, our specialists are available for up to four consultations per month to help with any issues that arise.
7. Periodic updates: The methodology is periodically updated to respond to new information and emerging threats. Clients will be updated on any changes and will always have the most current information.
The integration process is designed to provide employees with the necessary tools and knowledge to effectively defend against social engineering attacks and to reduce the likelihood of a successful hack. The process combines theoretical training, real-world case studies, test hacks, and ongoing support to ensure that the training remains relevant and effective.