After a security breach at one of their premises and in light also of the recent terror attacks in both London and Manchester, this leading media and telecommunications company had questions around its physical security posture. Concerned about its duty of care to both employees and visitors to their premises, the organisation wanted to take a fresh approach to test the effectiveness of its security processes and controls.
The organisation partnered with Esoteric, who carried out a programme of short notice, physical pen tests on eight of their key premises across the UK. Taking a phased approach, opportunist and planned penetration tests were undertaken using covert techniques to gain access to, and where possible move within, each site to examine the security process, culture and technology resilience.
The penetration test teams successfully accessed a number of buildings and, on completion, detailed the vulnerabilities identified in a written report. In addition, Esoteric proposed and developed a program of follow-up training. One course for security officers and receptionist staff who are primarily tasked with protecting the organisation’s premises, and general awareness training for the wider staff population in order to minimise the facilitation of access into key areas.
Due to the quick turnaround of the penetration testing, the organisation was able to put remedial processes and controls
in place almost immediately that mitigated the vulnerabilities and threats identified during the testing. The ongoing educational program raised security awareness within the organisation as a whole which was evident when subsequent
physical penetration tests were conducted.