© 2019 RSM US LLP. All rights reserved.
Physical Penetration Testing
Physical penetration tests show how a malicious actor might gain physical access to your facilities; these types of tests help you to prevent such an occurrence.
Organizations that hold valuable assets in their facilities should test whether physical security controls alert to and prevent unauthorized access. Physical security vulnerabilities can expose your organization’s most precious resources to catastrophic risk. For example, attackers can steal sensitive data, damage property, gain access to information systems and perform other malicious activities.
While most companies have physical controls, they may not be calibrated to the specific company environment, leading to false positives (where no threat exists) or overlooked events (where the threat exists but is not noticed). Defense systems must be coordinated and used stringently to be effective. Otherwise, gaps arise that give attackers their chance to subvert the effectiveness of the whole security program.
RSM performs a physical security assessment from the perspective of an attacker to determine whether such physical compromises are possible. The test subjects your organization’s physical security controls and procedures to a comprehensive, threat-representative test. While all approaches are non-destructive, this assessment closely mirrors the actions an attacker may take to bypass physical controls and obtain trophy data or access sensitive areas of your facility.
This assessment begins with an extensive search of open source intelligence on the target organization to gather information for pretexting and determine potential avenues of approach. Once in the vicinity of the target location, our professionals conduct close target reconnaissance to identify potential vulnerabilities in physical, technical and administrative controls. Finally, our team attempts to exploit these vulnerabilities to breach the perimeter and penetrate further into the target facility. Your organization will come away with a more reﬁned understanding of its exposures, as well as detailed recommendations for addressing any vulnerabilities in both the near and long term.
The tests reflect the insights of our physical security team, whose members have held positions in ﬁnancial services security, military intelligence, community emergency response and security auditing. This experience gives our team the ability to pinpoint gaps in physical security controls and recommend both tactical and strategic improvements that support your business goals.