TLDR: In the wake of new and evolving cyberattacks, it can be easy to overlook the some of the oldest and most effective methods of attacking your organization. Physical attacks, sometimes known as physical infiltration or physical penetration, are a common way that bad actors try to gain access to your organization. Your managed IT Security solutions should include defense against physical attacks.
It’s Time to Pay Attention to Physical Attacks
Sticky notes, USB drives, charger cables, and trash day could be just as dangerous for your organization as a sophisticated cyber attack. Physical attacks have been a consistent method for cybercriminals to try to infiltrate your organization. Now, bad actors are increasingly integrating physical elements into their cyberattacks.
Physical Attacks: Intelligence Gathering Schemes
Physical attacks often start with intelligence gathering schemes. These schemes are often quite low-tech, like staking out your workplace to identify physical vulnerabilities or digging in the trash to find important documents that were not shredded. Additionally, bad actors will often sneak into workplaces to try to find passcodes left on sticky notes and taped to desks.
Physical Attacks: Social Engineering
Oftentimes, hackers are portrayed as entities that only act behind a computer screen. Social stereotypes of hackers can cloud the reality that a hacker could be the random person you see wandering the halls without a visitor badge. Here are some of the social engineering tactics that hackers will use.
- Appeals to Authority: Hackers may come into your organization pretending to be law enforcement officers demanding information. Social engineering schemes can also take place digitally, impersonating celebrities, and governmental figures. They will use the power dynamic inherent in their assumed role to coerce information out of individuals
- Appeals to Familiarity: Hackers may come into your organization pretending to be a representative from a company that your team may be familiar. That false sense of familiarity may lead your team to share information that they would not otherwise share.
- Appeals to Good Nature: Hackers may appeal to your team’s good nature by approaching a your place of business and asking for help. This appeal might be an excuse to leave a piece of malware as bait or seek information from your team. Hackers might also appeal to good nature by tailgating employees, hoping that they will gain access to restricted areas due to people’s willingness to hold the door open for others.
Physical Attacks: Baiting the User
These physical attacks usually bait the user into plugging something that is packed with malware into their work or personal devices. A physical bait attack that has become highly popularized in modern media is the malicious USB drop. The Television show Mr. Robot showcased this method of physical attack, but it doesn’t just work in the media. In one study conducted at the University of Illinois and University of Michigan, about 48% of users plugged in drives they found on the ground. Other physical bait attacks can include card skimming devices and malicious USB cables.
The Solution: How Isogent can help Safeguard your Business
Physical attacks show that you have to do more than protect your digital systems in order to keep your organization safe. Your users also need to be trained and protected against physical attacks that threaten your company. To do this, you need a specialist that will work with you to provide user focused IT security. Isogent’s people first ethos can help customize your cyber security to work for you and your users.