RedTeam Security’s team of security consultants will use the same kinds of tools that criminals use. These can range from electronic devices and apps that can pick up information from wireless connections to lock picking sets. In some cases, the security consultants may simply use diplomacy to try to entice employees to unwittingly cooperate with their simulated attack.
For example, businesses may have decent physical security against such outside threats as lock picking; however, at least one-third of companies suffer data breaches or other issues because of insider-initiated crimes. In other words, the problem starts with employees who gain access to data centers with their credentials but then use that access for criminal or malicious reasons.
In other cases, bad actors may convince well-intentioned employees to let them in by pretending to be another employee. They might even gain access to a meeting room and simply pick up credentials or information left discarded in the trash.