While companies stay focused on the threats and vulnerabilities that originate from the digital world, they overlook the dangers that are knocking at their front door. Physical Social Engineering is an exercise that shows a business just how strong its locks are.
If a hacker is able to gain access inside a building where sensitive documents and internal systems are housed, it's only a matter of time before they're able to compromise an organisation. While nearly every company has policies in place to prevent a physical cyber-attack, few test their effectiveness.
What is a Physical Social Engineering Test?
Physical Social Engineering assesses a client's ability to defend against cyber-attacks that are launched on-site. It evaluates an organisation's ability to keep sensitive documents away from prying eyes and tests the strength of its protocols surrounding external access to internal systems.
In any engagement, a specialist will use a combination of psychological and technical skills to get past security guards, policies and physical defences in order to recover sensitive information by any means necessary.
Physical social engineering assessments are commonplace in the United States, especially in the financial services industry where one data breach can cost hundreds of millions to remediate. In Ireland and the UK, the concept is still quite new with only a small number of cyber security consultants specialising in the field.
As part of our overall cyber security testing team, Integrity360 has a physical social engineering specialist with a long history of social engineering engagements, breaching physical defences by using a combination of psychological tactics and technical expertise to get to important sensitive information.
Organisations across the world are rightly focusing heavily on the security of their digital infrastructure, but they’re overlooking the missing piece of the cyber security puzzle. In many settings, hackers could walk through the front door posing as a maintenance worker or a client, allowing them to get past keycard locks and other physical deterrents. Once inside, hackers are able to easily compromise the company in a variety of ways.
The results of this type of assessment enable organisations to improve their physical defences and secure what’s often the weakest link in a cyber security strategy.
People are often the weakest link in a cyber security strategy. If someone looks as though they belong in the setting, the company’s staff would rather let them into the building or a secure area than ask them for credentials. When that happens, the digital infrastructure is compromised and sensitive information is stolen. Physical Social Engineering assessments evaluate the effectiveness of user awareness training and company protocols to ensure the business is protected.