Whereas organizations take the utmost measures and put money into strong cybersecurity options and applied sciences to maintain cybercriminals at bay, human errors, innocence, and negligence stay among the many high causes behind a number of cyberattacks and knowledge breaches.
Social engineering assaults that deceive workers into performing sure actions or sharing delicate enterprise knowledge and data account for as much as 98% of all cyberattacks.
This reveals how cybercriminals proceed to take undue benefit of focused customers and workers, which stays one of many greatest weaknesses of many organizations’ cybersecurity methods.
One such frequent social engineering assault is tailgating.
Additionally known as piggybacking, tailgating is among the bodily safety breaches the place a malicious or unauthorized entity follows a licensed entity into restricted firm premises.
On this article, we’ll see tailgating in additional element—discussing what it’s, the way it works, real-life examples, and find out how to stop it from lowering dangers of bodily breaches in your group.
What Is Tailgating?
Tailgating is a type of social engineering assault that permits thieves, hackers, and different malicious entities entry and unauthorized entry into an unrestricted area.
Therefore, in contrast to different on-line cyberattacks that digitally breach an organization’s community—in tailgating, the attacker bodily breaches an organization’s safety system to steam, entry, and compromise its confidential knowledge.
In easy phrases, in tailgating, an unauthorized individual merely follows or slips behind a licensed individual to entry restricted firm premises.
However how does tailgating work, and the way do attackers trick licensed people and get into restricted areas? Let’s discover out.
How Does Tailgating Work?
Tailgating is a typical social engineering assault involving the attacker attempting to entry or get into an organization constructing or space bodily, consisting of delicate info.
Attackers could use coercion, deception, or trickery to induce a licensed particular person into permitting them to get inside restricted and confidential firm premises.
An attacker can do that in a number of methods. They will both wait round a safe exit to rapidly sneak in when a licensed individual unlocks the entry, pretending to be a licensed entity themselves.
Furthermore, they might additionally disguise to be another person, like a repairman or a supply individual—asking licensed people to allow them throughout the firm space.
Among the commonest tailgating strategies employed by an attacker embrace:
- Pretending to be an worker with a misplaced or forgotten worker entry ID.
- Hiding close to a locked entry level and sneaking when a licensed individual unlocks the doorway.
- Disguising to be a supply individual with a great deal of containers or packages in hand.
- Intentionally having their palms full or occupied—irrespective of who they fake to be, asking somebody to carry the door or safety entry level.
- Making an attempt to stroll precisely behind a licensed particular person—anticipating them to maintain the door open for them to enter proper behind them.
- Accessing with a licensed worker’s stolen ID or entry credentials—masquerading as a reliable firm worker.
Irrespective of the strategies, tailgating assaults work when an intruder beneficial properties bodily entry to an organization’s restricted space with out authorized permission—primarily to compromise, steal, and injury confidential info.
What Is Bodily Tailgating?
Because the title suggests, bodily tailgating entails a bodily attacker attempting to entry a restricted group space for malicious functions.
The attacker makes use of this social engineering approach to realize unauthorized entry by piggybacking or following a licensed particular person.
Thus, bodily tailgating is the place the attacker exploits human belief and habits, gaining entry into licensed and safe firm premises—with out seeming suspicious.
What Is Digital Tailgating?
Digital tailgating is nothing however the typical or conventional cyberattack or social engineering assault that entails gaining unauthorized entry to digital methods or networks via both deception or stealing licensed customers’ credentials.
Frequent social engineering or digital tailgating assaults embrace phishing, spear phishing, vishing, pretexting, baiting, and malware.
Let’s get into extra element about understanding how bodily and digital tailgating differ by way of their mode of execution, goal victims, intent, and preventative measures.
Bodily vs. Digital Tailgating
Sometimes, conventional cyberattacks or social engineering assaults contain concentrating on or hacking a corporation’s community or methods via cybercriminal actions, resembling phishing, malware, and DDoS assaults.
Conversely, bodily tailgating depends on the human aspect—exploiting human habits fairly than technological loopholes.
Listed here are a couple of distinguishable metrics that assist perceive the distinction between digital and bodily tailgating:
- Digital tailgating assaults are comparatively simpler to execute as they’re carried out by way of distant and on-line interactions. Nonetheless, the mode of execution for bodily tailgating differs, because the attacker must be bodily current on the goal group’s premises—making it riskier than cyberattacks.
- Whereas the intent of digital tailgating is primarily to deal with digital knowledge theft to steal delicate enterprise info or disrupt operations, bodily tailgating facilitates bodily theft by way of unauthorized entry, doubtlessly resulting in different types of cyberattacks.
- Whereas digital tailgating assaults can simply goal any type of firm, group, laptop methods, or on-line enterprise, bodily tailgating assaults goal bodily infrastructures, like workplace buildings, knowledge facilities, and analysis labs—principally, organizations having safety entry controls and delicate knowledge.
- The preventative measures for digital tailgating assaults embrace using firewalls, antivirus software program, and intrusion detection methods; stopping bodily tailgating contains worker coaching and consciousness, strong entry management methods, surveillance and safety cameras, and extra.
- By using refined strategies, digital tailgating assaults can get very advanced and technologically superior in nature. Alternatively, bodily tailgating assaults aren’t as advanced as they primarily depend on deceiving and manipulating human habits—making it a direct social engineering cyberattack.
Now that we perceive the distinction between bodily and digital tailgating let’s have a look at some real-life situations and examples of tailgating assaults that occurred worldwide.
Actual-life Examples of Tailgating Assaults
In keeping with a survey by Boon Edam, over 74% of organizations fail to trace tailgating, and over 71% of them really feel they’re weak to tailgating assaults on account of bodily breaches.
Listed here are examples of real-life tailgating incidents and the way they affected the worldwide corporations and organizations at Goal.
#1. Siemens Enterprise Safety’s Breach by Colin Greenless
A Siemens Enterprise Communications Safety guide, Colin Greenless, tried accessing a number of flooring of the corporate constructing with the assistance of tailgating.
Colin particularly tried accessing the info heart room at an FTSE-listed monetary establishment. He arrange a pretend workplace for himself on the third flooring and pretended to be a working worker—working there for a number of days.
Utilizing tailgating and different social engineering assaults, Colin may get entry to very beneficial and delicate firm info.
#2. Mount Sinai St. Luke’s Hospital’s Breach in New York Metropolis
This tailgating incident occurred when a dismissed resident from New York Metropolis’s Mount Sinai St. Luke’s Hospital gained unauthorized entry to Brigham and Ladies’s Hospital’s 5 working rooms.
Cheryl Wang was in a position to entry the working rooms by dressing in scrubs and with none identification badges inside two days to watch the operational procedures.
#3. A 2019 Breach by Yujhing Zhang
Yujhing Zhang, a Chinese language girl, was caught trespassing the U.S. President Donald Trump’s Mar-a-Lago membership in Florida in 2019.
As soon as caught, Zhang was discovered carrying two Chinese language passports, 4 cell phones, one laptop, and different units. Furthermore, Zhang was discovered carrying a malware-induced thumb drive and lied about getting on the property.
#4. Verizon Knowledge Breach in 2005
Exploiting bodily tailgating and social engineering assaults, hackers may acquire unauthorized entry to Verizon’s inside community in 2005.
The attackers pretended to be a vendor’s worker, convincing the safety guard to allow them to enter the corporate premises—later managing to steal delicate buyer info.
#5. The TJX Corporations Knowledge Breach in 2007
The TJX Corporations, together with Marshalls and TJ Maxx, skilled an enormous knowledge breach in 2007 involving bodily tailgating and cyberattacks.
The attackers very neatly positioned rogue wi-fi entry factors in one of many retailer’s parking heaps to get unauthorized entry to the corporate’s community. Hackers efficiently compromised and stole clients’ hundreds of thousands of bank card numbers and different confidential info.
Influence of Tailgating on Cybersecurity
Tailgating is among the most important threats to a corporation’s safety system. A profitable tailgating assault can disrupt the corporate’s income and pose large threats by way of knowledge loss.
Right here’s how tailgating can affect your group’s cybersecurity posture:
- Theft of personal knowledge when an attacker beneficial properties bodily entry to delicate info, like login particulars or paperwork left by an worker on their work desk.
- Theft of firm units when an attacker can efficiently steal an worker’s laptop computer or cellular units left of their restricted workspaces.
- Sabotage of enterprise operations by an attacker when he accesses firm units to briefly or completely disrupt enterprise operations in return for a ransom.
- Theft or compromise of units, ensuing within the attacker putting in malware, ransomware, and keyloggers into the units by bypassing software-based defenses to prevalent cyberattacks.
Thus, tailgating poses large cybersecurity dangers to an organization’s knowledge, employees, and property—leading to sudden prices and lack of repute. Therefore, taking preventative measures in opposition to tailgating properly upfront is crucial.
Tailgating Preventative Measures
Organizations are proactively taking measures to forestall tailgating incidents and dangers. In reality, in accordance with a report, the tailgating detection system market is anticipated to leap from $63.5 million in 2021 to a whopping $99.5 million by 2028.
Whereas this may seem to be an enormous determine, listed below are a couple of cost-efficient and efficient steps you’ll be able to take to forestall tailgating from attacking and compromising your group’s safety.
#1. Implement Safety Consciousness Coaching Applications
Many workers aren’t conscious of tailgating and different social engineering assaults. Therefore, educating your workers about social engineering, what it means, indicators to determine tailgating, and the way it may be prevented is essential.
Convincing workers about their position in stopping tailgating might help induce a way of accountability and consciousness inside workers in securing the group’s knowledge and system.
Therefore, incorporating and implementing cybersecurity coaching might help workers detect suspicious actions and keep away from social engineering assaults like tailgating of their workplaces.
#2. Be Conscious of Your Environment and Guarantee Doorways Shut Swiftly
As an worker, one of many best methods to keep away from changing into a sufferer of a tailgating assault is to bear in mind and alert of your environment and folks round you—particularly when coming into restricted firm areas.
Make sure you go searching when utilizing your ID Or coming into a password to unlock access-controlled doorways. It’s additionally essential to shut the door behind you swiftly and ensure nobody and not using a legitimate ID or entry sneaks in behind you when you enter the restricted space.
At an organizational degree, utilizing safety revolving doorways might be extremely useful in stopping tailgating dangers.
#3. Superior Video Surveillance
When your organization contains a number of entrances and restricted areas, monitoring them might be difficult, and counting on human parts like safety guards alone isn’t sensible.
Therefore, surveillance units like CCTVs and superior surveillance options can stop tailgating by maintaining a 24/7 verify on the corporate premises.
Superior video surveillance options use video analytics and Synthetic Intelligence strategies to extend the effectivity of real-time safety measures. They assess people who enter the corporate entrances and evaluate the recorded video footage with the worker’s and contractors’ facial scans. This makes it simpler to detect an intruder as superior video surveillance works in actual time.
#4. Use Biometric Scans
Biometric scanners, resembling fingerprint scanners, facial recognition, iris recognition, voice recognition, coronary heart charge sensors, or different Personally Identifiable Data (PII), guarantee final safety by permitting just one licensed individual to enter the restricted space.
Since they scan a licensed particular person’s distinctive bodily function, they show to be far more safe than passwords and PINs—stopping tailgaters from sneaking in or following a licensed particular person.
#5. Concern Sensible Badges
Sensible playing cards or good badges are different crucial methods that may assist you to enhance your group’s bodily safety and keep away from the possibilities of tailgating.
Sensible badges use RFID know-how and are simply configurable to allow entry to completely different firm areas by swiping or scanning them at particular entrances. This manner, it turns into simpler to find out who’s granted entry to particular areas with out requiring them to retrieve a key at any time when they want to make any adjustments.
#6. Use Laser Sensors
Photosensors or laser sensors make it simpler to detect a number of folks strolling via or coming into an entrance on the identical time. They limit entry to an entrance to a single individual—considerably lowering tailgating dangers.
If an intruder tries to tailgate, the sensors will alert the safety personnel in cost—making it a wonderful safety answer to tailgating, particularly when there’s an enormous inflow of workers transferring out and in of firm premises or throughout firm occasions.
#7. Prepare Safety Guards
Lastly, whereas coaching workers and making them conscious of tailgating and social engineering is essential—it’s additionally necessary to coach your organization’s safety guards and make them conscious of tailgating assaults and their affect on the group’s knowledge, income, and repute.
It will instill a way of accountability throughout the guards—making them extra alert and conscious to name out people with out ID badges or good playing cards and instantly report back to the respective safety personnel in case they discover somebody suspicious.
Remaining Phrases
Safety isn’t one individual’s job. It’s solely when the whole group—from the highest senior safety personnel and IT groups to particular person workers and guards work collectively and contribute in direction of following the most effective safety practices—can it stop assaults like tailgating.
Tailgating is a critical menace to organizations—compromising their knowledge safety and confidential info, costing them hundreds of thousands and billions of {dollars} to compensate for the assault.
So, if you happen to personal a big enterprise or a corporation in a number of areas, make sure you unfold cybersecurity schooling and tailgating consciousness and make use of the most effective tailgating preventative measures mentioned on this article.
Subsequent, take a look at the most effective cybersecurity certifications to upskill your self.