It only took an embroidered hat and polo shirt for Trustwave's Senior Security Consultant Philip Pieterse to gain access to a media outlet's offices, systems and private data. Posing as a telecommunications engineer, Pieterse walked into an office full of people, sat down at the Managing Director's desk and downloaded a sensitive file. The Managing Director's colleagues noticed Pieterse but didn't say anything because they didn't want to cause a stir.
"…once he was in the building no-one thought to question him or ask for official ID. I was not pleased," noted the Managing Director in the article in South Africa's "htxt.africa" which can be read here.
As Pieterse explains:
"Once somebody is inside, others often believe they are supposed to be here. It's amazing how far you can get into a building just by being nice to people."
Sometimes the only way to instill security consciousness within a company and promote effective security awareness training is to show employees how easily they can fall victim to hacks such as those ethically performed by the SpiderLabs team at Trustwave.
Once they understand what it feels like to be a victim of a hack (ethical or otherwise), employees may think twice before making a bad security decision.
Learn more about Trustwave's Penetration Testing services here.
