The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security. Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside-but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent.
It is well known that once an intruder has “inside access” to your systems and network(s), the level of damage and theft is exponential in nature. All your cybersecurity defenses, such as firewalls or intrusion detection systems, amount to nothing if an intruder can simply walk inside and, for example, plug in a USB stick and compromise your entire network. Therefore, physical security needs to be taken very seriously, but often it is lax and overlooked, which provides easy access to intruders. Attackers who steal, aka “thieves,” do not just rely on digital means to steal your information. Increasingly, physical penetration goes hand-in-hand with digital theft, as attacking your systems from the inside makes things a whole lot easier.