NetSPI Enhances Social Engineering Penetration Testing Solutions During Cybersecurity Awareness Month

Latest updates from offensive security leader address how organizations can better protect themselves against the sophisticated techniques behind modern-day phishing attacks.

Minneapolis, MN – October 19, 2023NetSPI, the global leader in offensive security, today announced enhancements to its social engineering penetration testing solutions to help organizations build resilience to modern-day phishing attacks. The updates bring a customized, contextual approach to social engineering testing and go beyond basic phishing campaigns to simulate advanced techniques such as device code and OAuth application phishing and capturing multi-factor authentication tokens. 

NetSPI has identified opportunities to update its processes and tooling to create efficiencies, cost savings, and scalability. The phishing tests follow NetSPI’s platform driven, human delivered methodology, leveraging a combination of technology and manual testing to customize engagements and more accurately simulate adversaries based on business context. All tests are managed and delivered in NetSPI’s Pentesting as a Service (PTaaS) platform, to provide a streamlined program management experience. 

Social engineering remains one of the top ways adversaries gain access to environments and sensitive information. Phishing attempts are becoming more sophisticated and less recognizable. The use of emerging technologies such as artificial intelligence (AI) has redefined and reimagined traditional phishing attacks, creating widespread impact. 

“Phishing remains a persistent threat to any organization. It is imperative for organizations to continuously evaluate their resiliency to phishing as adversaries continue to evolve and develop new, advanced techniques,” says Patrick Sayler, Director of Social Engineering at NetSPI. “To better reflect the challenges our clients are facing today, we’ve updated our social engineering testing capabilities to deploy modern, advanced techniques that more accurately evaluate an organization’s defense against these attacks at a larger scale.” 

In tandem with the increased risk and sophistication, this news comes during Cybersecurity Awareness Month, which is led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA). NetSPI has signed on to be a Champion of the initiative which brings organizations together to promote cybersecurity awareness and best practices for data protection.  

This year, the organizations are bringing awareness to four critical steps to stay safe online, one of which is to “recognize and report phishing.” NetSPI’s enhancements align with their mission and aim to not only help organizations evaluate their security awareness programs and policies, but also demonstrate the potential impact of a successful phish and provide clear, actionable recommendations for program improvement. 

To learn more about NetSPI’s social engineering penetration testing solutions, visit:

About NetSPI

NetSPI is the global leader in offensive security, delivering the most comprehensive suite of penetration testing, attack surface management, and breach and attack simulation solutions. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. Its global cybersecurity experts are committed to securing the world’s most prominent organizations, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500. NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. 

Media Contacts: 
Tori Norris, NetSPI
(630) 258-0277  

Jessica Bettencourt, Inkhouse for NetSPI
(774) 451-5142

Discover how NetSPI ASM solution helps organizations identify, inventory, and reduce risk to both known and unknown assets.