A tailgating attack, also referred to as “piggybacking,” involves attackers seeking entry to a restricted area without proper authentication. The perpetrators simply follow an authorized person into a restricted location. They can impersonate delivery men carrying tons of packages, waiting for an employee to open the door. They can also ask the unknowing target to hold the door, bypassing security measures like electronic access control.
Tailgating is a common type of social engineering attack. While such attacks don’t always use computers per se, as in the sample scenario above, they always involve some sort of electronic identification.
Tailgating is considered more of a psychological manipulation in that attackers make unknowing employees accomplices to their crime. Like phishing, including spear phishing or whaling, it is an information security confidence trick designed to fool authorized people into allowing attackers to access restricted areas and information.
How Does Tailgating Work?
Tailgating happens when the person followed by an attacker is unaware of the latter’s malicious intent. The unauthorized passage can either be forced or accidental. How tailgating works isn’t too difficult to imagine. It begins with the attacker hanging out by the target’s door to wait for an authorized person to enter.
When an employee, a supplier, or anyone with access enters the premises, the attacker takes the opportunity to slip in unnoticed. In some cases, they would talk the authorized person into letting them in by pretending to have legitimate business with the company. Educating employees about the dangers of tailgating can help minimize security risks.
Who Are Most at Risk of Tailgating Attacks?
Organizations that have large numbers of employees, are prone to staff turnover, and rely on several subcontractors for specific tasks are most at risk of tailgating attacks.
Universities and open campuses with huge foot traffic are also at significant risk, especially since their students typically rush from class to class without thinking twice about leaving doors open even when they don’t know who’s following them to restricted areas.
The same is true for offices where employees are always hopping from one meeting to the next, running around to take urgent calls, and striving to meet pressing deadlines.
These places are ripe for criminals’ picking. They can suffer from data breaches, phishing, ransomware, and other malware-enabled attacks that can cost millions to address and severely damage an establishment’s reputation.
How Can Organizations Avoid Suffering from Tailgating Attacks?
The fact that most companies today are more preoccupied with defending against cyber attacks can contribute to the success of tailgating attacks. Organizations, however, need to protect against both physical and cyber threats.
Truth be told, defending against tailgating attacks requires the implementation of fundamental measures that include:
- Log off from your computer and other devices while these are not in use. Don’t forget to secure universal serial bus (USB) sticks and Secure Digital (SD) memory cards, too. Anything that contains confidential information needs to be secured. Following company security rules strictly always helps.
- Don’t be fooled by looks. If anyone looks suspicious, approach the person and ask for credentials to make sure he or she is authorized to be in the area. It’s always better to ask and be careful rather than presume someone is who you think he/she is. If you’re afraid to ask, let your security team know immediately instead.
- Always know what is going on around you, especially when you’re entering restricted areas (i.e., those with highly confidential, classified information). Fake couriers or IT contractors may try to sneak in once you clear the entry system. Don’t fall for friendly folks carrying loads of files, making you think they just need help opening the door.
- If you’re part of your company’s security team, create and implement comprehensive security protocols covering both physical and virtual threats. Ask your bosses to make following them a mandatory part of employee training. That will help you ensure no corporate data will fall into the wrong hands.
- Make it a point to follow your organization’s security protocols. Attend the necessary training so you can avoid being the cause of a data breach or compromise.
Tailgating may seem simple, but its consequences are as devastating as any other kind of attack, physical or virtual. To avoid its unwanted repercussions, follow the tips and tricks in this post.
- Tailgating attacks happen when someone with malicious intent enters a restricted area by piggybacking on an authorized employee.
- The employee is unaware of the attacker’s plan but somehow becomes an accomplice to the crime.
- Offices and buildings with several people going in and out all the time are vulnerable to tailgating attacks.
- Companies with a large number of employees are also prone to tailgating attacks.
- To avoid tailgating attacks, people with access to the building or restricted areas must be educated about their dangers.
- The simple act of questioning strangers hanging out by an area’s entryway can save the organization from any planned attack.
- Implementing a zero-trust policy, even in the physical realm, can go a long way in avoiding tailgating attacks.