What is tailgating (piggybacking) and how to prevent it?

What is tailgating (piggybacking)?

Tailgating, sometimes known as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized person to enter secured premises.

Understanding tailgating

Tailgating is one of the simplest forms of a social engineering attack. It is an easy way for an unauthorized party to get around security mechanisms that are assumed to be secure. The security comes into question because of a combination of human carelessness (the followed party) and ingenuity (the following party).

For example, a retina scanner is meant to limit access to a physical area by scanning the retinas of authorized personnel. While retina scanning authentication works, unauthorized parties can gain access to a secured area if an employee holds the door for an unknown person behind them out of a misguided sense of courtesy or habit.

Such a polite gesture may be exploited by individuals to gain access to a location they might not have been able to access otherwise. If the individual is malicious, their access can negatively affect the organization. For example, they could cause a data breach, steal money or destroy or damage the firm's property.

Tailgating can lead to data breaches, as well as loss of money and property.

How tailgating works

One of the most common tailgating methods is someone simply following someone else through a door, usually because an employee holds open a door for the person behind them. A more sophisticated type of tailgating attack occurs when a threat actor disguises themselves as someone else, typically an authorized person with access to a particular area, to trick people and gain access to that area.

Another instance of tailgating is when an authorized party enters an area and lets the door slowly close behind them. This leaves a small window of time when an unauthorized party can enter the premises.

Tailgating can also happen when a third party keeps a door propped open for some reason. For instance, a painter may be working in the office lobby, so they leave the door open to get rid of paint fumes. Or an IT vendor may be troubleshooting a server or router in the server room while leaving the door to the room open. In another scenario, someone can pretend to be a delivery person and enter a building by asking an employee to "hold the door" as they bring in a package, purportedly for someone in the building or office.

Tailgating in buildings is dangerous and a serious cybersecurity concern for enterprises.

Why tailgating occurs

As mentioned earlier, one common reason a person may tailgate is that they know people tend to be courteous and that their default tendency is to leave the door open to allow the person behind them access to a building or office.

Threat actors take advantage of cognitive biases that affect human decision-making. One such "human bug" is the tendency to be courteous. Another is the tendency to trust other people. A person holding the door open wouldn't typically assume that a tailgating person is not supposed to be there, or worse, intends to harm the organization.

Tailgating is a common problem in multi-tenanted buildings where many people access the building, making it difficult to track unauthorized personnel and keep them out. Tailgating also happens more often in companies where employees don't follow cybersecurity best practices. This may be due to carelessness or inadequate training. Finally, tailgating can happen in firms lacking a combination of biometric access control systems and employees with good cybersecurity hygiene.

Biometric access control systems combined with employees with good cybersecurity hygiene help prevent tailgating breaches.

Risks of tailgating

People who might tailgate include disgruntled former employees, thieves, vandals, mischief makers and anyone who has an issue with an employee or the company. Thus, tailgating personnel may be innocent or malicious, but either can potentially disrupt the business, cause damage, create unexpected costs, and lead to further safety issues because they didn't follow proper security protocols when entering an area.

Tailgating is a significant security risk for organizations and their property, equipment, data and personnel. Malicious actors who tailgate might want to gain access to the company's premises to steal valuable equipment such as unattended laptops or exfiltrate sensitive information. They might want to insert spyware into enterprise devices or install malware or ransomware on specific computers.

Some attackers tailgate to access the server room and create a backdoor to the entire enterprise network. This provides access to the network, allowing them to control devices and steal data, company secrets or funds.

Tailgating can also result in physical violence or vandalism. Determined tailgaters might surreptitiously install cameras to remotely keep an eye on company operations and engage in corporate or cyberespionage.

Successful tailgating can lead to the installation of cameras or listening devices as part of a cyberespionage operation.

How to prevent tailgating

Organizations must implement effective security to protect the premises from unauthorized personnel and prevent tailgating. These are the most effective methods:

Ensuring that doors close swiftly and securely

Installing access controls for entrances and restricted areas with swiftly closing doors is essential. Additionally, security revolving doors provide tailgating detection and ensure that a person is alone, meaning someone else can't enter behind them without going through a proper access mechanism.

Biometric scanners

Biometric scanners and turnstiles allow only one person to enter an area at a time. They prevent tailgaters from walking with or behind an authorized person into a building or office. Electronically controlled access controls and smart cards for entrances and restricted areas are also crucial to prevent tailgating.

Photo ID

Employees must be required to wear photo IDs and visitors must be required to wear badges. All IDs must be clearly visible. With these ID methods in place, anyone not wearing them becomes conspicuous, making it easier to recognize and detain them, and prevent them from entering secure premises.

Video surveillance

Surveillance devices such as CCTVs provide a means to keep an eye on the premises 24/7. If the devices are clearly visible, they act as a deterrent to those looking to tailgate their way into an office or server room.

Multifactor authentication (MFA)

MFA on access doors can prevent unauthorized persons from accessing secure areas. One example is a server room door that requires both an access card and a thumb print. Another example is a file room where entrants must present a smart card and provide a retina print.

Security guards

Security guards provide a physical means to safeguard premises. These guards should be trained to ask unfamiliar personnel or personnel not wearing ID cards who they are and why they are on the premises.

Laser sensors or mantraps

Photosensors, laser sensors and mantraps can limit entry to a single person at a time, preventing someone from following them and entering an area they are not authorized to enter.
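
One way a photosensor count can be checked against badge grants to flag both tailgating and a door held or propped open, shown as an added example that is not part of the original article. The event format, door names, badge IDs and the 10-second hold-open threshold are assumptions, and the sample events are constructed.

```python
# Constructed sample events (not real logs): (seconds, door, event, detail).
# badge_grant = reader accepted a credential; beam_break = photosensor saw one
# person cross the threshold; door_open / door_close = door contact sensor.
SAMPLE_EVENTS = [
    (0,   "server-room", "badge_grant", "emp-1001"),
    (1,   "server-room", "door_open",   ""),
    (2,   "server-room", "beam_break",  ""),
    (4,   "server-room", "door_close",  ""),
    (60,  "server-room", "badge_grant", "emp-1002"),
    (61,  "server-room", "door_open",   ""),
    (62,  "server-room", "beam_break",  ""),
    (65,  "server-room", "beam_break",  ""),   # second person, no badge read
    (67,  "server-room", "door_close",  ""),
    (120, "lobby",       "badge_grant", "emp-1003"),
    (121, "lobby",       "door_open",   ""),
    (122, "lobby",       "beam_break",  ""),
    (200, "lobby",       "door_close",  ""),   # door stayed open for 79 s
]

MAX_OPEN_SECONDS = 10  # assumed policy threshold for a single door cycle


def find_alerts(events, max_open=MAX_OPEN_SECONDS):
    """Return (door, opened_at, reason) for every suspicious door cycle."""
    alerts = []
    state = {}  # per-door counters for the cycle currently in progress
    for ts, door, kind, _detail in sorted(events):
        s = state.setdefault(door, {"grants": 0, "passes": 0, "opened": None})
        if kind == "badge_grant":
            s["grants"] += 1
        elif kind == "door_open":
            s["opened"] = ts
        elif kind == "beam_break":
            s["passes"] += 1
        elif kind == "door_close" and s["opened"] is not None:
            # More people crossed the threshold than credentials were accepted.
            if s["passes"] > s["grants"]:
                alerts.append((door, s["opened"], "tailgating"))
            # Slow-closing or propped door: the window in which anyone can enter.
            if ts - s["opened"] > max_open:
                alerts.append((door, s["opened"], "door_held_open"))
            state[door] = {"grants": 0, "passes": 0, "opened": None}
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```
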

Employee education

The presence of security measures can create a false sense of security and result in people ignoring simple methods of subverting security. That is why it is essential to educate employees on how to recognize and resist tailgating. Educating employees on the dangers of tailgating can significantly reduce the threat.

Creating a strong cyber awareness culture throughout the organization and making employees aware of their responsibilities to protect the company's assets from unauthorized parties is essential. Employees should be taught these security best practices:

  • Never hold the door for anyone.
  • Stop people from following them into special access zones or restricted areas.
  • Stop people who are not wearing employee or visitor badges and direct them to reception.
  • Report suspicious activity to security guards.
  • Always direct visitors or guests who appear "lost" or out of place to the reception desk.
  • Inform security guards or the IT team if an electronic door is not functioning properly.
  • Always close doors, especially to secure or restricted areas like server rooms.
  • Ensure that any outsiders, such as repairmen or delivery persons, are legitimate and wearing appropriate badges.
  • Never allow former employees, even those who are familiar or friendly with a current employee, to access the company premises if they don't have the permission of authorized personnel (e.g., IT team) or are not wearing proper ID badges.

See also: watering hole attack, dumpster diving, shoulder surfing
