Physical Testing & Social Engineering

People are always the weakest link!

Tesserent’s Social Engineering engagements test in New Zealand whether your security controls (physical, human, email, phone) can be bypassed.

How we can assist:

Our testing methodology is tailored to each New Zealand organisation’s specific needs and IT infrastructure. Tesserent experts attempt to manipulate an organisation’s employees into allowing unauthorised access to confidential information. This allows the organisation to test their:

  • Information Security Policy and
  • Employees’ adherence to that policy.

By engaging Tesserent to perform this test, you can identify failure points. Once you have your benchmark, Tesserent can help you better inform and educate your staff to be attack and hacker-aware through our Security Awareness Training.

We start by listening.

Frequently Asked Questions

Why Should I Perform Social Engineering Testing In New Zealand?

  • People are generally the weakest link in any security program. This includes both employees that deliberately steal corporate data and, more commonly, employees who, lacking the necessary understanding and awareness of IT security, make mistakes.
  • Human error is the most common entry point into an organisation. Phishing attacks, social engineering and lack of security patching remain the most common attack points.

What is the difference between on-site and off-site testing?

Off-site: A remote Social Engineering engagement involves the manipulation of the organisation’s staff by telephone or email in an attempt to get employees to divulge usernames, passwords, customer NPPI (Non-Public Personal Information) or other confidential information. Scenarios might include:

  • Pretext Calling (e.g Employees and Help Desk Teams)
  • Spoofing emails to make them appear like internal emails.
  • ‘Dropped USB’ - luring employees to run payloads.

On-site: During an on-site engagement, Tesserent will use various techniques to gain physical access to obtain records, files, and/or equipment that may contain confidential information. The on-site engagement techniques typically include:

  • Dumpster diving
  • “Trusted Authority” disguises, such as fire inspectors, air conditioning repairmen, etc.
  • Employee Impersonation (IT HelpDesk, New Hire and Auditor)

The aim of these engagements is to test for and improve, for example:

    • Secure physical access to secure areas
    • Proper Disposal of Sensitive Data
    • Privacy Policy Awareness and Implementation
    • Violation Reporting
    • Access Privileges

Our ultimate aim is to help you better inform and educate your staff to be attack and hacker-aware.

What is physical testing in cybersecurity?

Physical testing is a method used in cybersecurity to test the security of a physical facility, such as a data centre, by attempting to gain unauthorised access to the facility. The goal of physical testing is to identify weaknesses in the physical security controls of the facility and provide recommendations for improving security.

What is social engineering in cybersecurity?

Social engineering is a method used in cybersecurity to manipulate individuals into performing actions or divulging sensitive information. Social engineering attacks can take many forms, such as phishing emails, pretexting, baiting, and tailgating. The goal of social engineering is to exploit human vulnerabilities and gain unauthorised access to a system or network.

How do physical testing and social engineering work together in cybersecurity?

Physical testing and social engineering often work together in a comprehensive cybersecurity assessment. Physical testing can help identify vulnerabilities in physical security controls, such as access controls and surveillance systems, while social engineering can help identify vulnerabilities in human behaviours and processes, such as password policies and employee training.

What are some common physical testing techniques used in cybersecurity?

Some common physical testing techniques used in cybersecurity include lock picking, badge cloning, tailgating, dumpster diving, and wireless signal scanning.

What are some common social engineering techniques used in cybersecurity?

Some common social engineering techniques used in cybersecurity include phishing emails, pretexting, baiting, tailgating, and watering hole attacks.

Why is physical testing and social engineering important in cybersecurity?

Physical testing and social engineering are important in cybersecurity because they help organisations identify vulnerabilities in their physical and social security controls that can be exploited by attackers. By conducting regular assessments and implementing appropriate controls, organisations can reduce the risk of physical and social engineering attacks and better protect their assets and data.

Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 7 min