A fast-growing UK-based retailer with 70 years of experience in retail and over a century in manufacturing recently partnered with us to move beyond traditional security assessments and uncover real-world threats that could impact their business.

Today, organisations across the board are shifting towards hands-on, attacker-style engagements to move past assumptions and reveal actual weaknesses. By adopting the mindset of an adversary, they gain concrete evidence of what a breach could truly entail, transforming theories into grounded data.

TRADITIONAL PEN TESTS WEREN’T ENOUGH

For years, the retailer relied on standard penetration tests and vulnerability scans to meet compliance and insurance requirements. But their IT & Cyber Security Leader began to question the value of these exercises. His view was: “If you carry on doing the same things every year, you’ll get the same results.”

With this concern recurring year after year, they knew that something was missing. These assessments weren’t surfacing meaningful risks or showing how real attackers operate. With a flat network architecture, where access to one system could mean access to all, they needed a threat-led approach that would reveal actual risks rather than relying on assumptions.

That’s why they turned to our Cyber Incident Baseline & Readiness Service to simulate threat scenarios and uncover hidden vulnerabilities.

SIMULATING REAL-WORLD THREATS

The engagement was designed to answer one critical question: What would happen if an attacker was already inside the network?

The results were immediate and impactful. Unknown servers were discovered on the network, devices were found running with default credentials, and the team demonstrated how a password-spray attack could take core applications offline. As the customer put it, they “realised our biggest risk wasn’t just compromise, it was denial of service”.

Running this exercise opened their eyes to how quickly operations could be disrupted and how exposed the business really was.

UNEARTHING THE UNKNOWN

Visibility was the first domino to fall. The team quickly realised they couldn’t spot or isolate problematic devices fast enough, which sparked an urgent push to roll out Network Access Control. But that was just the beginning. Their mindset shifted from “keep threats out” to “hunt them down once they’re in”. That internal pivot changed how they viewed their entire security posture.

The human factor was another critical lesson: even with strong technical controls, social engineering and human error remain significant risks, as the attempts to manipulate staff during the engagement showed. “Staff learned not to change passwords just because someone sounded authoritative. That’s a win”. That moment hit hard. It wasn’t just about firewalls and credentials anymore; it was about culture.

ACTIONABLE INSIGHTS AND TANGIBLE ROI

When asked what the biggest value of the engagement was, the customer said: “Uncovering things we never would’ve seen with a traditional pen test”.

Previously unknown vulnerabilities, such as denial of service risks and exposed credentials, were identified and remediated. Staff behaviour improved through real-world learning, and security investments paid off.

Tools like Privileged Access Management (PAM) and Network Access Control (NAC) not only strengthened their defences, by giving them better control and visibility over network devices and privileged accounts, but also led to reduced insurance premiums and better coverage terms, because they could demonstrate to insurers that robust measures were in place.

THE SHIFT FROM REACTIVE TO PROACTIVE

This retailer’s journey shows what’s possible when you move beyond checkbox compliance and embrace threat-led testing. By simulating real-world attacks, they gained a deeper understanding of their environment, strengthened their defences, and built a more resilient business.