How safe is safe? Exploring the vitality of physical security in an ever-evolving world and its parallels to cyber security

Have you ever considered whether an adversary could breach your office or server room? Have you evaluated the vulnerability of your Operational Technology (OT) sites? What about the response time of your security partners and vendors?

In today's interconnected world, the importance of physical security cannot be overstated. It is the foundation upon which all other security measures are built. Physical security, much like cybersecurity is essential for protecting assets, ensuring the safety of personnel, and maintaining the integrity of operations. The principles that govern physical security are strikingly similar to those of cybersecurity, reflecting a shared goal of safeguarding critical resources against threats.

At its core, physical security involves measures designed to prevent unauthorized access to facilities, equipment, and resources. These measures include barriers such as fences, locks, and security personnel, as well as surveillance systems like cameras and motion detectors. The objective is to deter, detect, and respond to unauthorized intrusions. This concept parallels the fundamental goals of cybersecurity, which aims to protect digital assets through firewalls, encryption, access controls, and monitoring systems

While companies often focus on red/purple team exercises for their ICT assets, physical security assessments are equally critical yet frequently overlooked. As cyber security evolves in Australia, so too does the importance of physical security. Increasingly, organisations are conducting more physical penetration tests and site audits to safeguard their physical assets.

But how about a physical purple team exercise? What delivers the most value for your organisation? In this talk, we will delve into the practical distinctions between physical penetration testing and physical security site audits. We'l also share our approach as penetration testers, offering insights into how you can fortify your digital and physical environments against potential threats and what are the best ways to assess the existing controls.