Often the first step in the attack chain employed by modern hackers is to gain access to the network so they can begin to enumerate devices and capture traffic in an attempt to find a way of gaining privileged access to resources.
The movies would have us believe that all hacking starts from the internet: some shady character in a darkened room, or an overly modified van with cables running to a nearby telephone pole. In reality, the easiest way to gain a foothold on a target network is often simply to get into the building and plug a device directly into the physical infrastructure. On paper this sounds like a risky endeavour, but the convenience of modern offices, together with people coming and going due to the increased use of contractors and remote working, can often make it much easier to gain access to buildings and critical resources than you think.
There are two reasons for undergoing a Social Engineering Assessment: to review the physical security of your company’s premises and to review your staff’s response to unknown people walking about the workplace.
This assessment is important as it usually highlights the ease with which people can access your company’s premises. It also highlights areas of improvement for staff and the importance of up-to-date staff security training, so that an established process is documented that outlines the detailed steps staff should take when unknown individuals are on site.