Security investment is at record levels and yet few companies spend much looking after the most vulnerable part of their network the mobile device.
This is the message from penetration testing companySecuretest, which for the fifth year in a row will use its stand at Infosecurity to run live demonstrations of various techniques for hacking laptops.
According to managing director Ken Munro, few people realise how simple it is to extract information from a lost or stolen laptop, and to use the machine as a platform to attack the company network.
The company plans to demonstrate techniques for bypassing device security such as low-level BIOS passwords, complex passwords, and for uncovering sensitive data, escalating privileges to admin level, and even bypassing authentication.
The criminal doesnt have to be in possession of the laptop itself for this to happen as wireless and Bluetooth are both channels for remote attack. The machine can also be used through a variety of mediums - including the now-standard VPN connection - as a means of gaining access to the corporate network.
The security of the corporate network is now where other people could have access to it, said Munro referring to the proliferation of mobile computers. All of a sudden, the perimeter is difficult to define.
Few companies used technologies such as full disk or file encryption to protect themselves. However, according to Munro, Securetest is technology neutral, and sells its services on a consultancy and know-how basis only.
Securetest will be running 36 demonstration laptop hacking sessions over the three days of the show from stand 650.