Probably one of the most interesting incidents I have investigated was the theft of computers from a university.
The perpetrator had done a good job scouting out the procedures of the organization, and through his reconnaissance put together a whole deal of information.
He knew for instanceHe knew for instance that onHe knew for instance that on Fridays most of the staff will have left the establishment by 2 PM.
Only assisting staff, and janitorial staff would be around.
All of the senior staff, professors, IT staff were gone at that time.
He entered the building, and presented apparently correct paperwork to the secretary.
The paperwork was well forged, and presented the secretary with no reason for objection.
She escorted him to the server room, where she left him unattended to finish up her paperwork before the weekend.
Because she Even unlocked the room for him, it was easy to clear out the entire IT infrastructure of the University because he was unobserved for hours.
The picture that presented later on to law-enforcement was one of a kind… Everything had been taken. Servers, switches, cables, server cases, racks, etc.
I was later hired to check the systems for breaches, and whether the criminals had gained their intelligence about security measures by System infiltration.
In my concluding report I found no evidence to underline that assumption.
It does prove valuable point though.
Access control to buildings is insanely important. So our logs about who visits; these must of course have some sort of valid identification as a foundation. Even then there is no absolute security unless the visitor is constantly monitored by an employee during their stay in the facilities.