Tuesday, 6th February 2024

Undertaking unannounced audits and penetration tests are challenging for the testers and the organisations being tested. What is success?

On the 5^th of February 2024, staff from Trident Manor deployed to the south of Ireland to undertake a penetration test on a facility processing sensitive electronic data as well as their main office building.

Surveillance was conducted over several hours to identify any weaknesses and vulnerabilities (doors being left open, tailgating, poor operational practices), but none were observed. The operative then proceeded to attempt to gain entry to the sensitive data processing area, but the physical and electronic access control measures were robust and could not be bypassed.

An attempt was then made to bluff and covertly enter the main offices of the organisation. While access was gained to the reception area all other areas were controlled electronically and when attempting to ‘tailgate’ they were formally challenged by the team member. This required them to declare their true identity and activities.

Time was then spent with senior managers to review existing governance and look for exploitable vulnerabilities, there were none.

Andy Davis stated, “This was a successful test for all parties. As Trident Manor had advised them in 2022 it was good to see that the physical, technical, and operational practices had been implemented.” He added, “Not every pen-test has to succeed and therefore a failure to enter is a success for the client and the tested organisation.”

For more information about the announced security reviews and penetration tests undertaken by Trident Manor please feel free to contact us.