The term ethical hacker is quite well known: someone who infiltrates a computer network to test or evaluate its security, allowing the organisation to rectify any weaknesses before an adversary can. But what about an ethical burglar?
What is an Ethical Burglar?
This is another way of describing a physical penetration tester. Physical pen testers have a range of objectives depending on the organisation, client, threat level and perceived threats. Typical requests might be to try to enter the server room, obtain details about clients, executives and staff, and gain an understanding of where security procedures and infrastructure create vulnerabilities.
Hostile Reconnaissance
As with most organised crime, a period of hostile reconnaissance is conducted to explore these vulnerabilities. For instance: do staff react if they see someone tailgating or vaulting the speed gates, are doors left open, and are strangers challenged?
A recent client of ours knew that their security needed an overhaul but could not decide on the priority measures, so they requested our consultation services to assist.
We started the project with a pen test. A small team conducted reconnaissance for a week before deciding on the ways to approach infiltrating the organisation.
Vulnerabilities
The pen test identified that there were not enough security staff on site, their awareness was not high enough, they were not supported by strong procedures and the organisation’s workforce just did not have a suitable security culture.
After a period of consultation, we produced a growth and improvement capacity-building plan for the client, which included providing additional members to the security team and creating a bespoke training program for both the security and CCTV staff, which included hostile surveillance detection, incident response drills and upgraded policies and procedures.
We then presented a security awareness training session to the entire organisation, teaching both staff and executives why security awareness is so important and how they are the people who can help the organisation meet its security strategy.
The Result
Six months later we sent our team back, and I am really pleased to say that they did not gain entry, and I do not believe a hostile threat actor would either.
For information regarding Physical Penetration Testing please contact us:
+44 203 633 0672