Preventing Outsiders From Becoming Insiders

Physical security and employee awareness can stop in-building attacks, experts say

Dark Reading Staff, Dark Reading

November 29, 2010

3 Min Read

When penetration testing company Secure Network Technologies needs to break into a client's facility, it frequently asks one of its staffers to just walk in the front door and claim to be a new employee.

In larger companies, this simple tactic frequently works; once inside, the attacker can install a rogue access point or some other hardware onto the network, says Steve Stasiukonis, managing partner of the Syracuse, N.Y.-based company, which specializes in the prevention of social engineering attacks.

Most enterprises are so focused on the ever-present network attack that they are missing obvious vectors inside their own buildings, Stasiukonis says.

"Once we are in the company, we bypass all the perimeter controls, the firewalls, everything," he says. "At that point, we can do anything."

Circumventing network defenses by gaining physical access to data is an attractive lure for attackers. While uncommon, attacks using physical access are not insignificant. Insiders accounted for more than one-third of the data breaches reported earlier this year by Verizon Business and the U.S. Secret Service. Physical access contributed to breaches in 12 percent of all cases, only a small number of which included insiders, says Wade Baker, Verizon's director of risk intelligence.

The most common physical attack involves an unauthorized user sitting down at an employee's computer and accessing restricted data. In rare instances, criminal groups have planted an accomplice in a call center or data center in order to get access. In either case, the ability of insiders to access systems and devices makes such physical attacks difficult to stop or even detect.

"Insiders typically have some level of physical access to the assets they compromise -- this makes preventing bad behavior difficult," Baker says. "Because of this, controls that can detect abnormalities are all the more important."

A company's employees are its first line of defense against attacks against physical assets, experts say. Employees should be educated to question new faces in the workplace and make sure that unknown people belong there, Stasiukonis says. Tailgating -- where one person follows an employee through a door without swiping his or her own badge -- should be discouraged.

Because insider attacks can be so costly, it's important to get employees to buy into the security program, Stasiukonis says. "The smallest amount of due diligence on behalf of the employee can return a million-fold to the company," he says.

Similarly, companies should encourage employees to log off their systems when they leave them, Stasiukonis says. Better yet, companies can adopt a technology that keeps an employee logged in only when they are nearby.

To fully detect anomalous behavior, however, companies need to tie together the monitoring of physical access -- such as the use of ID cards -- and logical access. Such integrated systems will raise a red flag when there are attempts to log onto a workstation before its owner has entered the building.

"When you tie the two -- physical and logical -- together, we get greater situational awareness," says Jeff Nigriny, CEO of identity and access system maker CertiPath. "Now we can say when a person enters a building, if it is their shift or not, or if they are accessing their account from both home and at the workplace."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights