An organisation's physical security is just as important as its digital security in ensuring its assets remain free from compromise.

What Is It?

Physical security reviews are audits that assess the effectiveness of an organisation’s physical safeguards designed to protect its assets, personnel, and data. These reviews examine various components such as access controls, surveillance systems, environmental protections, and emergency response procedures to ensure they are adequate and functioning as intended. By identifying vulnerabilities in physical security measures, such as unsecured entry points or inadequate surveillance coverage, organisations can implement improvements to prevent unauthorised access, theft, and damage to their critical infrastructure.

What Challenges Can Be Addressed By Physical Security Reviews?

Weak Access Controls

Organisations frequently use weak access control mechanisms that attackers can abuse to gain physical access to spaces intended to be restricted. Examples include outdated keycard systems that attackers can abuse by cloning cards, and security turnstiles that allow tailgating.

Staff Awareness

Staff can often be the weakest link in an organisation’s security, and attackers know and abuse this fact. This can include employees holding doors that would usually require a pass to open, not challenging unknown people entering the building, or not properly reviewing a person’s identification.

Surveillance Gaps

The surveillance used by an organisation can often contain blind spots that attackers can identify and abuse, knowing they won’t be seen. Physical security reviews assess the surveillance in use and ensure that no exploitable blind spots exist.

The Forfend Methodology

Pre-Assessment Planning – During this phase, Forfend consultants will work alongside the client to plan out what is and isn’t in scope for the engagement. This will also include defining any specific objectives, such as accessing specific corporate assets or areas of the building.

Reconnaissance – Passive reconnaissance will be carried out, such as reviewing the location on Google Maps, visiting the site and watching employee and security guard tendencies, and identifying any access controls, in order to put together a plan of attack for the next phase.

Attempted Breach – Finally, Forfend consultants will attempt to gain ‘unauthorised’ access to the site using the information previously identified. This may involve attempting to tailgate an employee, cloning an access card, or abusing weaknesses in the access controls. Once inside, Forfend consultants will attempt to achieve any pre-defined objectives.

Why Choose Us?

Experience, Qualifications and Expertise

All Forfend consultants are highly experienced and qualified penetration testers who hold the highest industry certifications. Experts in a comprehensive portfolio of testing methodologies, we identify system vulnerabilities and offer practical remediation advice, in a manner that is understandable and digestible by everyone from management to developers.

Personalised Consultancy Services

We deliver highly personalised, professional consultancy services; the consultant carrying out the engagement is involved throughout the entire process, from initial scoping to testing, reporting, and responding to questions that may arise once the remediation process is underway.

Value For

As a small cyber security consultancy with limited overheads, we’re able to offer prices that are very competitive when compared to the rest of the industry, yet still deliver a high-quality engagement. Forfend consultants are well versed in identifying vulnerabilities missed by other consultants.

Experience In A Range Of Industries

Our consultants have experience working in a range of different industries, from central government departments, critical national infrastructure, and councils, to legal, finance and technology sectors. Forfend consultants understand the threats and challenges faced by each industry, and are suited to offer testing types tailored to each sector’s needs.
