Physical security and human error are frequently overlooked components of a sound cyber security program. However, these two areas are often the culprits in the headline-making data breaches we see every week. Physical and social engineering assessments test the non-technical elements of your security, evaluating the real-world security effectiveness of your physical systems and employees.
Physical security is your first line of defense against malicious actors, including disgruntled employees and those engaged in corporate espionage. Your physical security – encompassing the physical, electronic and human controls that protect your location – should be regularly evaluated, improved and validated in order to reduce the risk of data loss or business damage.
Focal Point's physical breach assessment is conducted surreptitiously. Our physical breach team surveys your physical location, gathering open source intelligence that can be used to profile the target. With an understanding of the controls in place, our team begins the breach exercise. We attempt to identify physical vulnerabilities through lock picking, media drops, tailgating, impersonation, device mailing and other control exploits. Our final report provides complete visibility into your physical security, with unique risk ratings for each uncovered vulnerability. We also provide evidence for all exploits, including photographs, hard copy materials and sensitive data retrieved.
An electronic social engineering assessment tests the security awareness of employees by enticing them to provide access to sensitive information or company resources. Social engineering identifies critical risk factors through different communication scenarios, including email and phone interactions. These attack scenarios introduce benign software into your environment which we use to assess the potential business impact of illicit access to the network.
Our final report provides an executive summary outlining the overall security awareness within the organization, as well as a detailed technical report including all specific vulnerabilities, severity of exploits and suggested remediation efforts to remove or mitigate risks.
Your security controls, policies and procedures are only as strong as the people implementing and following them. Social engineering provides your team with the information it needs to: