Tailgating: Examples, Risks and Defence Tips

Cybercriminals keep getting smarter. They're finding new ways to exploit and gain access to business computer systems. One of their evolving tactics is social engineering, a technique that manipulates human behaviour. Attackers trick a person into handing over confidential, personal data that they can then use for their fraudulent activities.

 

What Is Tailgating in Security?

In driving dynamics, tailgating is driving very near to the vehicle in front of you in a way that you’re likely to get hit if that other driver makes a sudden stop. Some people tailgate to make the driver in front of them pick up some speed, while others do it due to road rage.

In security, tailgating is a type of social engineering attack. Tailgaters physically follow someone closely to gain entry to an area of an office or building that's reserved for authorised employees. Their aim is to either steal confidential business information or cause a data breach using company equipment or personal devices used by staff members. When attackers psychologically manipulate a person into giving them access, it's called piggybacking.

 

How Does Tailgating Work?

Any social engineering attack typically follows this method:

1. Investigate

Attackers first conduct research to determine the person to victimise and the right method to use, so they can meet their goal.

2. Contact

They engage with the identified victim to build trust, all the while taking control of the interaction. They invest in the relationship to get as much cooperation as they need from the victim.

3. Attack

They advance the attack once trust develops in the relationship and the victim's weakness is exposed.

4. Escape

Attackers disengage and cover their tracks once their attack is complete.

In tailgating, cybercriminals take advantage of negligence or use behavioural psychology to bypass control systems—such as security guards, badges, passcodes and biometric scans—which are used to seal off these reserved areas.

Those who tailgate can look for doors that were accidentally left open or unlocked. In the case of piggybacking, fraudsters attempt to go inside off-limits locations by befriending or relying on the courtesy of an unsuspecting employee to let them through.

 

What Are Examples of Tailgating?

Here are some ways in which tailgating and piggybacking can occur:

  • Disguise

Tailgaters and piggybackers are impostors. They can pretend to have a legitimate reason for doing business on your premises. They may arrive as uniformed couriers or repair contractors with boxes, files or equipment who'll need help opening a door. Unknowing and helpful employees might then offer assistance without first asking for the other person's credentials and reason for coming. Fraudsters who participate in tailgating can also claim to be job applicants or visitors who forgot their access badge in your office.

  • Small talk

Attackers may also try to sneak into your office by staying in areas where employees hang out and chat as if they also work in the building. They continue engaging in small talk until they're able to go into the restricted area with or without the permission of the person they've made friends with.

  • Borrowed device

Those who practise tailgating may also borrow an employee's device to install malicious software or steal user credentials to preserve an access method they can use in the future.

 

Is Your Business at Risk?

Your organisation can be prone to tailgating and piggybacking if:

  • Your physical office has several entry points
  • Your office experiences high foot traffic, with employees moving to and from across different rooms and buildings within the day
  • Your business has many part-time workers or sub-contractors, whose personnel make regular visits to your office
  • Your company has a large workforce and is experiencing a high turnover

These scenarios can also be applicable in an academic setting, with students and faculty going from one classroom to another every so many hours.

 

Zero-Day Attacks

If tailgating and piggybacking are security attacks that happen in physical environments, a zero-day (also Day Zero) attack is their equivalent in the virtual arena.

Hackers spend hours to years finding a security vulnerability that's unknown to the vendor or developer, and therefore unpatched. A threat actor takes advantage of this weak spot to gain entry to or corrupt a target network. It's called zero-day because developers have had no time to fix the flaw: they can't create patches for an unknown software or hardware flaw until it's discovered.

Today, criminal hackers can sell zero-day information on the dark market, with details about how to break through the vulnerable system. Meanwhile, some researchers and businesses sell information to law enforcement and intelligence bodies. At the same time, there are companies that pay ethical hackers for detecting vulnerabilities and revealing them to developers, so the problem can be addressed before cybercriminals find it.

One study showed that 80% of successful data breaches were zero-day exploits.

 

How Can You Prevent Tailgating?

You need to combine human and technological approaches to defend yourself and your company against tailgating and piggybacking. To avoid compromising your safety, you can do the following steps:

1. Identity and access management

Identity and access management systems verify identities at all physical and digital entry points within your business premises. To prevent tailgating attempts, it’s best to integrate digital authentication (a username and password) with physical security systems. They can include the following:

  • Biometrics or thumb signature
  • PIN numbers
  • Photo ID card
  • Visitor badges

The following can also help your company better manage and tighten security:

  • Cameras
  • Laser sensors
  • Security guards
  • Turnstiles
  • Man traps or air locks

2. Penetration testing (Pentesting)

Penetration testing involves performing simulated attacks against physical barriers: RFID and electronic door entry systems, locks and motion sensors. The pentester may impersonate a vendor or staff member to check physical security controls.

The simulation aims to expose the vulnerabilities of physical locations to help IT administrators discover the types of users that are most at risk for specific attacks. This testing will also identify what additional security training is required and who should get it. Moreover, the test seeks to assess the level of compliance with security procedures. The pentester later reports employee responses and gives recommendations to company management or its IT department.

3. Security awareness training

You and your employees are less likely to become victims of tailgating if you know what attacks look like. Awareness will also make it easier for everyone to spot risks and potential attacks and report them to authorities.

Security training can emphasise situational awareness, especially when moving around restricted areas (like your IT server room). Stay alert and conscious of who’s following you through a door. Don’t be fooled by friendly-looking folks carrying loads of items who make you want to hold the door for them. Avoid talking to strangers within office premises or allowing them to go inside using your credentials.

If you don’t recognise persons at the door or inside your office, check whether they have IDs or visitor’s passes. Report such individuals to your security staff if you can’t personally ask them their reasons for being there. Also, inform security if you find a door that doesn’t close properly or automatically.

Be wary of phone calls asking you to provide or verify account information. Remember that no legitimate IT technician or service provider will ask for users’ passwords.

4. Security protocols

Managed security services won't be enough to deter tailgating attackers, who can capitalise on employees' negligence and naivety. But you and every employee can outwit them if your company creates a security policy that includes these guidelines:

  • Don’t leave paper documents, flash drives and memory cards lying around. Keep confidential items out of danger by placing them in locked storage.
  • Lock your desktop computer or laptop when you move away from your workstation. Shut it down when you're done working for the day.
  • Use appropriate devices when destroying personal and company papers you no longer need.
  • Regularly update anti-malware, anti-virus and other data security software on your computers.
  • Limit access to restricted areas of your offices, especially after work hours.

5. Rapid incident response

Speed is everything when it comes to containing a data breach. Your team should be equipped with integration services for conducting real-time activity monitoring, notification, reporting, visual verification and remote access to physical access controls.

Awareness training along with safety protocols can make your response plan against tailgaters more effective. Identify the point person that employees should alert about any instance of tailgating. Also, provide a communication channel for reporting suspected threat actors or abnormal user activity.

A recent IBM report showed that a quick response to an incident can help a business save 30% of the losses resulting from a security breach. It also shortens the time to contain the security threat to below 200 days. However, the research also admitted that on average, it can take 287 days to detect and contain a data breach.
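
The advice above to integrate digital authentication with physical security systems, and to monitor physical access controls in real time, can be turned into a simple detection rule: flag any interior door read or on-site logon by a user who never badged in at a perimeter door. The sketch below is an added example, not code from any product named on this page; the log layout, door names, user names and sample events are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from a real system). Assumed layouts:
#   badge log: timestamp,user,door,direction
#   logon log: timestamp,user,workstation (on-site console logons only)
BADGE_LOG = """\
2024-03-04T08:01:10,alice,LOBBY,IN
2024-03-04T08:05:42,alice,SERVER_ROOM,IN
2024-03-04T08:07:03,bob,SERVER_ROOM,IN
2024-03-04T12:30:00,alice,LOBBY,OUT
2024-03-04T13:10:00,alice,SERVER_ROOM,IN
"""
LOGON_LOG = """\
2024-03-04T08:10:00,alice,WS-014
2024-03-04T08:12:30,carol,WS-022
"""
PERIMETER = {"LOBBY"}  # assumed: doors separating outside from inside


def parse(text):
    """Split CSV lines and convert the first field to a datetime."""
    rows = [line.split(",") for line in text.strip().splitlines()]
    return [(datetime.fromisoformat(r[0]), *r[1:]) for r in rows]


def find_anomalies(badge_text, logon_text):
    """Return (time, user, reason) for activity with no perimeter entry."""
    events = [(t, "badge", u, door, d) for t, u, door, d in parse(badge_text)]
    events += [(t, "logon", u, ws, None) for t, u, ws in parse(logon_text)]
    inside, alerts = set(), []
    for t, kind, user, where, direction in sorted(events, key=lambda e: e[0]):
        if kind == "badge" and where in PERIMETER:
            # Only perimeter reads change who is considered inside.
            if direction == "IN":
                inside.add(user)
            else:
                inside.discard(user)
        elif user not in inside:
            # Interior activity by someone who never badged in: they
            # followed another person through the perimeter door, or
            # their credential is being used by someone else.
            reason = ("interior door used without perimeter entry"
                      if kind == "badge"
                      else "on-site logon without perimeter entry")
            alerts.append((t.isoformat(), user, f"{reason}: {where}"))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(BADGE_LOG, LOGON_LOG):
        print(*alert, sep=" | ")
```

An alert here is a lead for security staff to verify against camera footage or with the employee, since staff who walk in behind a colleague without badging produce the same pattern as an intruder.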

 

FAQs

1. How much money can businesses lose in a data breach incident?

The average cost of a data breach in 2021 reached USD 4.24 million, 10% higher than the year before, according to the same IBM study. In cases where the breach had something to do with remote working, the average cost was even higher at $4.96 million. However, the loss was around $3.8 million lower for companies that used security AI and automated response.

2. What is zero-trust?

Zero-trust is a strategy against tailgating and other security threats, which follows the “never trust, always verify” principle. Traditional network security trusted people and devices within an organisation’s network. However, zero-trust enforces a least privilege access approach to information systems. This model requires continuous identity verification and monitoring of all users, devices and applications connected to an organisational network, whether they’re remote or on-site.
