What’s the sneakiest thing you ever had to deal with as a sysadmin?

I used to do system-wide ‘blackhat’ consultancy for one of those big IT companies. We always found that the client companies were very good at hardening their routers/firewalls/servers etc. but terrible about sorting out their human processes.

One such demo we gave to a client had me using their conference room speakerphone to call directory enquiries, ask for the client’s main reception number, call that, ask for their tech support number, call reception again, ask for their Financial Director’s name, then call their tech support claiming to be the FD. I had to be a bit loud and ‘boss-like’, but they very quickly reset his password and gave it to me. I dialled (they used MS RAS) into their system, logged in and sent myself an email saying ‘You got the job!’ – all in front of the FD concerned.

Basically, people are always the weak point and you don’t have to be that sneaky to get around them. That said, I do know of competitors who dressed as Police to gain access to our offices; luckily someone called ‘their branch’ to check up on them and they literally ran away once confronted.
