Quantcast
Channel: Networks Asia - IT news
Viewing all articles
Browse latest Browse all 2029

Sensitive information obtained in 88% of visual hacking trails: Study

$
0
0
Sensitive information obtained in 88% of visual hacking trails: Study

In nearly nine out of ten instances, security experts were able to visually hack corporate information, according to research published by Ponemon Institute. Titled “The 3M Visual Hacking Experiment,” the study was conducted on behalf of the Visual Privacy Advisory Council and 3M Company.

Visual hacking is a low-tech, visual method used to capture confidential information for unauthorized use. It includes capturing documents on desks or screens via vision or unapproved smart devices.

Based on a voluntary sample of eight participating companies and 43 unique office locations throughout the United States, the study revealed that while organizations are investing in information security at record levels, many remain vulnerable to low-tech threats such as visual hacking.

“Visual hacking can target any industry but may be especially dangerous in healthcare and financial industries, given the sensitive information involved in nearly every customer interaction and the desire for malicious parties to obtain it,” said John Brenberg, Information Security & Compliance Manager, 3M and member of the Visual Privacy Advisory Council.

Visual hacking is easy

In 88% of the trials, sensitive information was obtained by visual hackers. Sensitive information types include access and login credentials (47%), confidential or classified documents (35%), financial, accounting and budgeting information (12%), and attorney-client privileged documents (6%).

A little over half (53%) of sensitive information, including access and log-in credentials, confidential documents, and financial information, was captured from an unprotected device.

Twenty percent of the data hacked was considered a very valuable information asset. And it took less than 15 minutes to complete a visual hack in 45% of the hacking attempts.

Multiple pieces of information are hacked:

An average of 5 pieces of sensitive information was obtained per trial. This shows that companies are not only likely to be hit, but to be hit from multiple directions at once.

Only 30% of visual hacking attempts were stopped. On average, 2.8 pieces of sensitive information were already obtained per interrupted incident. The remaining 70% of visual hacking attempts went unnoticed, or unobstructed by employees.

Common Points of Visual Hacking

Key risk areas of visual hacking include high-traffic areas such as reception, open office floor plans, open cubicles and cubicles with low walls, shared work-spaces, and mobile workers in public places. The diagram below illustrates the approximate location where a hack occurred during the experiment.

6 Reasons Why Visual Hacking is Becoming a Bigger Risk in the Office

  • To increase productivity, many organizations are creating open workspaces without walls and cubicles. As a result, it is more likely that sensitive and confidential documents will be visible to prying eyes.
  • In general, organizations are better able to enforce access policies for electronic documents in a consistent fashion across all users than for paper documents.
  • Employees or contractors often are not aware of what types of information are sensitive or confidential and should be protected from individuals with malicious intent.
  • Many organizations do not have a strict policy for securing paper documents both within the office and at offsite locations.
  • Employees often neglect to shred or dispose of sensitive paper documents in a secure manner. Confidential paper documents thrown in a trash bin, left in a communal printing tray and at an office desk are particularly vulnerable to visual hacking.
  • Sensitive and confidential documents are frequently accessed in public locations because of the increasingly mobile workforce.

7 Tips to Safeguard Sensitive Information from Prying Eyes

The 3M Visual Hacking Experiment reveals just how easy it is for a company to be hacked without even knowing it. However, visual hacking controls do help, including:

  • Educate employees to be aware of their surroundings.
  • Lock computers before leaving it unattended.
  • Take action when a visitor is behaving suspiciously.
  • Use desk partitions for sensitive departments. Traditional offices and cubicles make it easier to protect paper documents and more difficult to view a computer screen.
  • When working at public spaces, sit in a position with the back facing the wall.
  • Use private Wi-Fi or a virtual private network to access or transmit sensitive data.
  • Use privacy filters for device screens. 50% of trials saw three or less information types visually hacked while 43% of companies that did not use a privacy filter saw four or more information types visually hacked.

Viewing all articles
Browse latest Browse all 2029

Trending Articles