Physical Testing & Social Engineering
People are always the weakest link!
Our testing methodology is tailored to each New Zealand organisation’s specific needs and IT infrastructure. Tesserent experts attempt to manipulate an organisation’s employees into allowing unauthorised access to confidential information. This allows the organisation to test their:
By engaging Tesserent to perform this test, you can identify failure points. Once you have your benchmark, Tesserent can help you better inform and educate your staff to be attack and hacker-aware through our Security Awareness Training.
We start by listening.
Off-site: A remote Social Engineering engagement involves the manipulation of the organisation’s staff by telephone or email in an attempt to get employees to divulge usernames, passwords, customer NPPI (Non-Public Personal Information) or other confidential information. Scenarios might include:
On-site: During an on-site engagement, Tesserent will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information. The on-site engagement techniques typically include:
The aim of these engagements is to test for and improve, for example:
Our ultimate aim is to help you better inform and educate your staff to be attack and hacker-aware.
Physical testing is a method used in cybersecurity to test the security of a physical facility, such as a data centre, by attempting to gain unauthorised access to the facility. The goal of physical testing is to identify weaknesses in the physical security controls of the facility and provide recommendations for improving security.
Social engineering is a method used in cybersecurity to manipulate individuals into performing actions or divulging sensitive information. Social engineering attacks can take many forms, such as phishing emails, pretexting, baiting, and tailgating. The goal of social engineering is to exploit human vulnerabilities and gain unauthorised access to a system or network.
Physical testing and social engineering often work together in a comprehensive cybersecurity assessment. Physical testing can help identify vulnerabilities in physical security controls, such as access controls and surveillance systems, while social engineering can help identify vulnerabilities in human behaviours and processes, such as password policies and employee training.
Some common physical testing techniques used in cybersecurity include lock picking, badge cloning, tailgating, dumpster diving, and wireless signal scanning.
Some common social engineering techniques used in cybersecurity include phishing emails, pretexting, baiting, tailgating, and watering hole attacks.
Physical testing and social engineering are important in cybersecurity because they help organisations identify vulnerabilities in their physical and social security controls that can be exploited by attackers. By conducting regular assessments and implementing appropriate controls, organisations can reduce the risk of physical and social engineering attacks and better protect their assets and data.
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.