Enhancing Physical Security in Investment Companies: A Comprehensive Approach - Part 2
Our first article described physical penetration testing in general. This second part reports on a real-life engagement in Luxembourg.
While investment companies invest heavily in digital security, our real-world assessments show that physical security often lags behind. Drawing on our on-site findings at an investment firm, this post explores how physical vulnerabilities can pose serious risks, and how a comprehensive security approach can protect both people and critical assets.
Because investment companies handle sensitive financial data and transactions, robust physical security is essential. This article presents the findings of a recent physical penetration test carried out by a team of two pentesters over two days, during both daytime and night-time hours. The objective was to assess exposure to unauthorized access and to potential insider threats. The scenarios tested were opportunistic entry, emergency doors, employee access, and impersonation of cleaning staff and window washers.

Opportunist Scenario

Emergency Door
The emergency door was identified as a weak point: the team gained entry to the building through an emergency exit. Such exits must remain usable for evacuation, so the fix is not to block them but to alarm and monitor them (door contacts, CCTV coverage and a reaction procedure) so that any opening from the outside is detected and answered.

Employee Access
Testing employee access controls revealed several instances in which unauthorized people were let in, owing to lax badge management (tailgating behind badge holders, badges not checked) and insufficient employee training.

Cleaning Staff and Window Washer
By posing as cleaning staff and as a window washer, the penetration testers gained access to restricted areas. The company should strengthen vetting procedures for third-party contractors, require contractors to be expected and identified before they are admitted, and enforce stricter access controls outside business hours, when these roles are typically on site and fewer employees are present.
The results of this penetration test underscore the importance of a robust physical security strategy for investment companies. By implementing the recommended measures, these organizations can strengthen their defenses against unauthorized access and potential insider threats.
Continuous monitoring, employee training and stringent access controls are the pillars of an effective physical security posture, protecting sensitive financial assets and maintaining the trust of clients and stakeholders.
To find out more, take a look at our conference talk (in French) on physical intrusion: