As cyber security measures against high-tech cyber attacks gain a strong footing in various organization sectors, the rudimentary attack methods such as Visual Hacking have been given a back seat.
As a matter of fact, Visual hacking has been rated as the fifth under looked low-tech threat. Visual hacking has been defined as the physical obtaining of classified information that you are not privy to on others monitors or desk. Simply call it “eavesdropping” at your neighbor’s classified documents or looking over your neighbor’s shoulder for sensitive information.
The Magnitude of the Threat Posed By Visual Hacking
An experiment commissioned by 3M Company on Global Visual Hacking, which was conducted by Ponemon Institute, gave a damning report on the level of protection that organizations have in place to tackle visual hacking.
Statistics don’t lie so the adage goes. It was reported that on all experimental sites (countries), visual hacking took place with a success percentage of 91 out of 157 trials (Visual hacking)!
By any standard, that’s quite an achievement to the visual hackers which comes at a heavy cost on your organization’s essential documents. Think about login credentials, statements that touch on the company’s financial details and classified information on your competitors’ hand.
The most unfortunate part of it all is the swiftness and the high level of precision that visual hacking occurs. From the aforementioned study, it was reported that in less than a quarter an hour for an individual to obtain sensitive information of your organization to fall into the wrong hands. A total stranger whose intention remains unknown!
Explaining the Process of Visual Hacking
According to Ponemon Institute, classified information on transits, or at rest, are at the greatest risk of being visually hacked. To rub salt into the wound, visual hacking seldom leaves any footprint.
Take it as arms race evolution process. With the advent of high-tech security countermeasures of cyber-attacks, cyber hackers have resorted to using low technological measures to access vaults. All it takes is a wondering photographic eye to capture the order of your neighbors data input of his security details and voila you are in!
In other instances, it may be a document laying unattended to on a table. Pick and pack it. Mission accomplished.
In certain cases, it may require taking screen shots of idle computer screens or a visit to the shared computer peripherals (printer bins, fax machines, and photocopiers) which eventually give leeway to a greater scale attack. Ranging from phishing (unsuspecting e-mails sent out to fraudulently obtain your credentials), to identity theft, to cyber-attacks (attempts to compromise the computer network system).
What Drives the Success of Visual Hacking?
The ease with which visual hacking occurs is a point of concern that ought to be addressed. Towards that end, there are situations that are catalytic towards the success of visual hacking.
Key among them include:
- The shift from traditional offices to open floor offices and cubicles:
The traditional offices offered a physical barrier to unauthorized persons, unlike the present day open offices. Where traffic coupled with sharing workspace can easily conceal a visual hacker threat.
- Reluctance by office holders to question strangers
Under the findings presented by the Ponemon Institute, 70% of the visual attackers went on without interruption.
A perfect case scenario of “mind your business”. It’s worth noting that the success rate of obtaining information is halved by interrupting an intruder. So next time, take keen interest to that office stranger who seems preoccupied with the proceedings of your monitor. Make his or her business your business too!
Extenuating Visual Hacks
As Charles Kettering puts it,“A problem well stated is a problem half-solved.” If you can relate to aforesaid scenarios, it will be prudent to instigate remedial measures to make it difficult for the shoulder surfers.
To achieve this, Ponemon advice on a multifaceted approach to both company policies augmented by visual–privacy materials to ward off visual security breaches.
3M, a privacy firm offers a ready solution to visual security breaches. Having already secured HP computers with The Sure View Technology (a screen filter technology), it goes without saying they have the necessary experience to safeguard your private and confidential files.
Other security measures proposed, include smart office designs to reinforce the physical barrier, as well as, taking the interest of your surroundings, repositioning your monitor, reinforcing clean desk policies and educating employees on the subject of visual hacking and handling classified information. Visual audits are greatly encouraged to identify and address potential security breaches.
From a policy perspective, Ponemon suggests that companies advise employees to shut down and password-protect their computers and mobile devices when they are not in use, as well as, implementing a clean-desk policy that ensures documents with sensitive information are removed from plain view when not in use.
Ponemon concludes his study by indicating that implementation of sound company policies augmented by visual–privacy materials such as those offered by 3M reduces visual privacy breaches by up to 26%. To the “wise a word is enough!”
This is a sponsored conversation written by me on behalf of 3M. The opinions and text are all mine.