Physical Penetration Testing
Most companies understand the need for robust information security. Large sums are spent on technology aimed at securing internal networks, devices and information. However one of the areas frequently overlooked is physical security.
While an organisation may implement complex passwords, robust code and comprehensive intrusion prevention controls, even the most secure facility is often subject to vulnerabilities from gaps in physical security. A facility with gates, guards and cameras might have a side door with no alarm that employees use for smoke breaks. A company housing sensitive information on systems with multiple layers of authentication might not have any visible identification policy or controls against tailgating, essentially letting a motivated individual to just walk in and take their information. Rather than just acting as an additional layer, poor physical security can undermine all other controls. There is little use in investing in a comprehensive security solution to protect your vital data if someone can enter a facility unnoticed and take or destroy it from an unlocked laptop.
Physical security in particular is subject to the kind of misconceptions that can be devastating – placing surveillance around a secure site and then leaving the feed unmonitored, implementing security controls that can be easily avoided by a convincing social engineer. Many organisations are blissfully unaware of the gaps in their physical security setup until the worst happens and they lose information or devices. But how can they predict which controls are inadequate before this happens?
Physical Penetration Testing, in combination with Physical Site Security Audits, can provide a real-world trial of just how effective those physical security controls are in protecting your data and equipment. In a site audit, a professional will inspect your premises’ security profile – observing and taking note of any vulnerabilities that could potentially be exploited to gain access to your valuable information.
During a Sense of Security physical penetration test, the value of the controls in place is rigorously tested by a team of experienced consultants, trained to think like an intruder. Depending on your requirements, the scope of the test can vary widely. Based on your needs, a test may involve an individual attempting to talk their way into a secure facility during business hours or tailgate other employees, all the way to an invasive attack on your facility and systems, attempting to enter offices and computer rooms, circumvent alarms or disable cameras and essentially prove the real-world efficacy of your security controls.
In a physical penetration test motivated individuals act like intruders in that they employ creativity and tenacity as they attempt to breach your defences and gain access. However rather than stealing or destroying your assets, they then comprehensively report where the vulnerabilities exist so that you can fix the problems and fortify your security. After this point additional checks or penetration tests are recommended – to see whether issues have really been fixed, or whether new vulnerabilities have arisen.
To discuss how our specialist services can help your organisation with physical security please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.