IPP recently conducted a Risk Assessment and Identity Cloning exercise on behalf of a major client
Our client engaged IPP to undertake a Risk Assessment and Identity Cloning Exercise to determine the ease of access into their physical locations and the security of their confidential information and systems, together with recommendations for improvement.
• Risk Assessment & Assurance
• Identity Cloning
The risks associated with the close geographical proximity to their competitors and the potential threat for opportunistic visibility of sensitive or commercial information within their offices was the initial driver for this review. IPP also used this as an opportunity to discover further vulnerabilities the organisation may be exposed to.
Consultants carried out a site inspection of all outward facing offices and meeting rooms to assess what visibility would be achievable, providing recommendations and associated budgets for countermeasures. Additionally, consultants carried out an Identity Cloning exercise to covertly test if the premises could be easily accessed, and if sensitive information could be obtained by an outsider with no internal knowledge of the operations or workings of our client’s business.
Using social media, company press releases, building schematics (gained by claiming to be a university student) and counterfeit identification passes created by our consultants, we were able to get through all security with ease and to enter the client’s building and systems.
IPP consultants gained access onto the company’s internal network, sent emails from an internal computer, copied sensitive information and planted foreign files onto a secure machine within the internal network (locally).
IPP proved conclusively that existing security measures and staff training were not in place to protect the information and physical offices of our client. Countermeasure strategies and practical solutions were identified and recommended to address the identified security concerns in order of priority.