Throughout the year, we've seen most of our penetration testing clients request a physical security assessment in conjunction with their logical testing. Does that seem counterintuitive in a post-pandemic era when the majority of folks are working remotely (at least a fraction of the time)? Read on to understand why these assessments are ostensibly more important now than ever before.
Life Before the Pandemic
Remember the old office days? That line of cars at the stop sign near the end of your neighborhood. The line at the drive through for coffee. Fighting for “the good parking space.” All relics of a time long since passed. Back then, distance was a unit of measure not a way of life. People talked to each other, shook hands, and genuinely carried on a good conversation. Said differently, anyone that kept to themselves stood out.
Life in the Aftermath
Not so easy to find a line of cars these days, except Starbucks, where we speculate they’ve been adding highly-addictive substances to the Verona blend for years now. The reality is, keeping our distance is the new normal and, when coupled with sparsely occupied office space, means threat actors can gain free rein access to facilities.
As an experiment, I recently attempted to “pick a lock” in 1) broad daylight 2) at the entrance to an office suite 3) inside an occupied multi-tenant building 4) while people were waiting for the elevator! And guess what happened? Nothing. I got bored after opening the door for the fifth time, packed up, and left. No one said a word.
What You Should Be Thinking About Now
It’s important to constantly evaluate your security threat landscape as it’s likely always in flux. How has your office changed since the COVID pandemic? Are you still in the same office? Do you still have the same on-site workforce? What on-prem infrastructure do you still maintain? How is access to that infrastructure monitored? Are anomalous events reported on (e.g., the data center door being forced open)? What CCTV footage do you have of your office space? What is the retention period for that footage? Is it still enough now that events might not be detected for days If no one comes into the office?
Is a Physical Penetration Test Right for You?
For most companies, the pandemic has altered the physical footprint for an organization, either by staff numbers or square feet. Considering the status quo has changed, how well do we understand the risks we’re now likely to face in the wake of that change? If it’s time to reassess your physical security posture, we’re here to help. Contact a team member using our contact form and we’ll have a chat on us to discuss if physical security testing is right for you.
Send Us Your Comments
What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.