Scroll Top
Compliance benefits
A rather different pentest

We have been subjecting our infrastructure and applications to annually-recurring penetration tests for years. However, last week, a different penetration “test” took place… and as it turns out: inadvertently!

Someone broke into our offices by forcing a window open, went through our office space, even broke into our server-room, and left with … nothing?!

Of course, we were shocked at first! We saw on photos taken by our security-cameras the perpetrator using a screwdriver and brute-force to open locked doors and we saw the perpetrator moving swiftly from room to room…

The next morning we took inventory of the damage and also of all computer equipment that was in the office. We have been maintaining a detailed and up-to-date Inventory of Assets and could quickly conclude that there was nothing missing! This was in accordance with our expectation after the initial study of the security-camera footage: the perpetrator spent a meagre 7 seconds in our server-room, leaving the room while still holding the screwdriver in one hand, as when entering it. Moreover, the entire “visit” in our office space took no more than 3 minutes or so.

Nonetheless, we checked carefully whether tampering with any systems had taken place (e.g. by leaving a USB-Stick inserted, adding/removing cables, re-wiring components, etc.) but again, this was not found to be the case.

And, thus, we were (and still are) somewhat baffled as to the purpose of the break-in.
Our hunch is that it was totally unexpected that all the office lighting would turn on triggered by movement sensors. Additionally, because the office has mostly glass walls, there is hardly any place one can stay out-of-sight from bypassers (mind you, it was dark outside and brightly illuminated inside and still quite some people were leaving their offices). And last, but not least, the presence of our security-cameras might have also indicated that a silent alarm had been raised and time was limited…

So, all’s well that ends well!
And then we realised that we had a unique opportunity at hand and decided to treat this incident as a (physical) penetration test! We looked at what went well for us and what could have gone worse. We realised that our Clear-Desk, Clear-Screen, and Password Protection policies, as well as our Asset Management are working efficient! And as an improvement, we will soon be adding a security-camera for an area that was not entirely covered.

Of course, we would have rather had this test be played out as a simulated test than be confronted with this real-life situation; but we will grab any opportunity to learn from this incident!

server-room break-in
burglar - duh
Our website uses cookies from third-party services to improve your browsing experience.
Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our Privacy Notice. The link can be found in the footer area of this window.
Required
Tracking
We use Google Analytics to understand how visitors engage with our website . If you don’t want Google Analytics to be used in your browser, you can install the ‘Google Analytics Opt-Out Browser Add-On’, provided by Google.
Required
Google Maps
This website uses Google Maps to display our office address and provides directions to our offices from a location supplied. If you do not ask for directions, your location will not be tracked.
Privacy Notice