Physical cyber threats: What do criminals leave when they break in? - Help Net Security

Many organizations have maintained heavy investment in cybersecurity over the last year, even in an unpredictable time when other spending has faltered. Gartner estimates that IT security and risk management spending still grew 2.6 percent even as IT spending as a whole fell by 8 percent.



However, while businesses have continued to fortify their networks against remote invaders, most have overlooked the potential for cyber threats from physical intruders. With very few exceptions such as government facilities, organizations tend to be extremely vulnerable to cyberattacks that involve a threat actor gaining direct access to the infrastructure.


While such attacks are extremely rare in comparison to the endless virtual attacks launched every day, physical security gaps can allow threat actors to circumvent otherwise strong defenses to inflict serious damage. Unlike an ordinary burglary, the threat is not what is stolen by the intruder, but what they leave behind – anything from keyloggers to backdoor malware. It’s especially important that organizations that are in high-risk sectors such as finance be prepared for such attacks.


Fortunately, with the right precautions it is possible to minimize the risk of a physical intruder and to spot incursions based on the digital and physical evidence left behind.


How do intruders breach the building?


The first part of any physical cyberattack is gaining access to the building, and our red teaming exercises have found this is often shockingly easy to do. While you might forgive a business for being caught out by an elaborate Ocean’s Eleven-style heist, all too often ..