Who needs physical penetration testing services?
All brick-and-mortar businesses should assess their security through physical penetration tests. Organizations should focus heavily on their physical penetration tests include:
- Utility providers should evaluate the risk to substations, ICS/SCADA systems, etc.
- Healthcare call centers should evaluate whether customer health information can be obtained.
- Medical facilities should ensure patient health and information cannot be breached
- Education Facilities should evaluate and ensure that safety protocols are in place
- Retailers should evaluate the risk of an attacker at a store or branch location.
- Financial institutions should evaluate the risk of an attacker at a branch
- Organizations need to upgrade their physical security or evaluate the effectiveness of recent security upgrades.
What is pretexting in cyber security? A cyber security pretext is when the attacker pretends to be an authority figure by staging scenarios, baiting a victim, and convincing that victim to provide valuable information that they would not normally disclose.
What is elicitation insider threat awareness? Elicitation is the use of conversation to extract information discreetly. An insider threat is typically an authorized person who intentionally or unintentionally uses or discloses information or systems that compromises an organization. Elicitation insider threats typically emerge from seemingly harmless communication. Elicitation insider threat awareness is educating staff to recognize the possibility of a threat.
How to prepare for your physical penetration test?
To prepare for physical penetration testing, you need to:
- Understand your assets. What is it that those with malicious intent might seek to access?
- Identify parameters, objectives, and priorities. What do you want to verify or evaluate?
- Define who will be aware of the penetration testing before it starts
- Consider your threat actors. This might be a malicious insider, an angry ex-employee, an organized crime unit, an opportunist jumping on a crime of opportunity, nation-states
- Determine who is going to be the company's point of contact during the execution of the testing.
How long does it take to do penetration testing?Depending on the size of the penetration test, it could take as little as two to three weeks.