Many businesses understand the need for strong cybersecurity. Investing in sophisticated forms of defense such as managed detection and response and penetration testing alongside traditional types of security, organizations could consider themselves well prepared and defended against the possibility of attack.
But this can make it easy to overlook the possibility of a physical attack against your IT system. Here we take a look at some of the most common ways that cyber criminals can utilize physical attacks against your company, as well as some of the tactics and techniques that you can use to defend organization against them.
It can sometimes be easy to think of cyber criminals as solely operating online. However, remember that ultimately, cyber criminals could be referred to simply as criminals. They are real people attempting to defraud or steal from your business and they will use any means within their grasp to do so. So, do not discount the possibility that cyber criminals looking to attack your IT infrastructure will carry out physical surveillance on your company first.
Physical surveillance can tell a hacker or criminal a lot about how they can potentially break into your system. Think about what could be learned about your staff from physical surveillance – criminals can leverage this information to make it easier for them to hack into your system. It is important to put in steps to make it as difficult as possible for criminals to carry out surveillance. This could include installing CCTV around your building or preventing unauthorized access to your site by vehicles that could be used for surveillance.
Attacks on Hardware
You shouldn’t discount the possibility of criminals gaining access to your building and carrying out an attack on your hardware. Think about your business practices – do your staff all individually log into a computer system? And if so, do they switch their computers off at night? It could be the case that all criminals need to do to gain full access to your IT system is to break in and use a computer that has been left on.
Data and personal information stored on your system could be extremely valuable, especially if you don’t know what has been viewed or accessed. This is why it is so important not only to invest in physical security measures, but also to insist on staff following best practices for cybersecurity. This includes using strong passwords and locking computers when they are not being used.
Another worry for businesses is the threat that comes from insider attacks. Of course, the vast majority of employees would never dream of stealing or leaking data, but there is a small minority who go rogue. According to security software provider McAfee, insiders are responsible for 43 per cent of data breaches – so this problem might actually be a lot more common than you realize.
The big question is: What can you do to minimize the risk of insider attacks? It might seem like an impossible task but there are actually many things you can do to mitigate the possibility. Manage permissions so that individual staff members only have access to the data they need to do their job. You can also implement software that logs and monitor employee actions. While this can’t eliminate the possibility of attack, it can at least make it easier to deal with the clean-up.
It’s also important to be aware of physical attacks that involve social engineering. If a criminal can gain access to your building, they can leave a USB stick on a desk with a faked message. When this USB stick is inserted into the machine it can infect it with malware or ransomware that can then spread throughout the system.
This is why it is important to implement a full range of physical security measures. This could include passcode-protected doors and a main entrance with a lock. These simple additions can make it much harder to carry out this kind of attack against your business.
Mike James is an independent writer based in Brighton, UK specializing in cybersecurity and the threats posed to businesses of different sizes. Working on a project together with Sussex-based concrete barrier and site-security firm Maltaward, Mike is assessing how physical security threats are impacting the cybersecurity and GDPR for businesses.