Source: Information Age
In the context of cyber and information security, physical breaches usually conjure up images of laptops or USB sticks left on trains or unattended documents being taken. Physical break-ins to offices are often overlooked and not linked to cyber crime. It is difficult to quantify how common such breaches are as they tend to be less well-detected, but gaining unauthorised access to a building can be easier than hacking into a network remotely.
While the risks involved with physical security breaches are generally not worth the rewards for casual opportunists, for organised gangs or a motivated skilled attacker, a physical breach can provide powerful ‘foot in the door’ and onward access to the internal network.
Gaining access to a building does not necessitate an out-of-hours break-in. For every business, there are third-parties who are expected to enter offices and buildings for various purposes; landlord inspections, fire alarm maintenance, health and safety audits, cleaning of drinks dispensers, candidates coming in for interviews or suppliers arranging meetings with purchasers. The list is long and any of these could be used as a cover story for access by an adversary who wanted to gain access to an office.
The ‘high-vis’ effect is a well-known tactic. An individual in a high-vis jacket, who looks like they know where they are going, tends not to be challenged since there is automatic authority imbued within the reflective vest. Similar effects are seen with any kind of health and safety or audit requirement – these are activities employees don’t want to obstruct.
Tailgating is another very common problem. Even for businesses with card-based access control on all doors, it is relatively easy to follow authorised personnel into restricted areas. Sometimes they will even hold the door open for you. There is social pressure to be polite and closing a door in someone’s face is just plain rude, so many people can’t bring themselves to do it.
To address these…
Click here to read more
