Preventing sabotage and theft: How red teams can uncover gaps in physical security


Click here to read our complete white paper about Red Teams

An unidentified man just entered your company’s data center. In his right hand, he carries a small bottle of liquid. He proceeds to spray the entire contents of the bottle into the cooling vents of your company’s servers. Within minutes, the servers fail and shut down the company’s entire operations. Does this situation sound too far-fetched? It actually happened at Frost and Sullivan, a market research company based in Oxford, England.

While such events of sabotage rarely occur, the damage that results when they do happen can have catastrophic consequences.

Regardless of the type of potential attack, companies can take steps to prevent physical security breaches and the damage that can result. Increasingly, companies use “red teams” to test their physical security and identify gaps in their ability to prevent unauthorized access. First created in the government sector, a red team seeks to capture an unvarnished picture of a company’s state of physical security readiness. To ensure that they conduct an accurate and complete assessment, red teams normally perform their work covertly, only notifying a small group of employees about their plans.
Physical Penetration Testing (PPT) is a more sophisticated version of a red team and involves identifying the effective, ineffective, and redundant security options currently in place. PPT includes providing a detailed report of findings and recommendations and then forming a partnership with a security system provider to implement meaningful and cost-effective changes.

To conduct either PPT or a red team exercise, companies often turn to experienced security firms with extensive experience in the corporate arena. Engaging an unbiased third party helps ensure the element of surprise and allows a company to benefit from the security firm’s experience in conducting similar exercises for other businesses across a range of industries. By uncovering weaknesses in their physical security, companies have the opportunity to shore up gaps and avoid becoming the victim of an attack.

Conducting a red team exercise provides critical intelligence that companies can use to
harden their physical security defenses. Further, maintaining an effective physical security requires periodic assessment designed to validate the approach and uncover inherent weaknesses. The longer a gap exists – regardless of when it developed – the higher the probability that someone will exploit it.