Low tech 'visual hacking' successful nine times out of ten

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2886385/social-engineering/low-tech-visual-hacking-successful-nine-times-out-of-ten.html

By Maria Korolov
CSO
Feb 19, 2015

Researchers were able to get sensitive corporate information just by 
looking around corporate offices in 88 percent of attempts, according to a 
new study.

Traverse City-based Ponemon Institute sent researchers to 43 offices 
belonging to seven large corporations who had previously agreed to 
participate in benchmarking research. The researchers had valid 
identification as temporary employees, and management knew they were 
coming -- though the office staff did not.

The researchers spent up to two hours in each office, wandering around, 
taking pictures of computer screens, and picking up documents marked 
"confidential" and putting them in their bags -- all deliberately within 
full view of the regular employees.

In the vast majority of the cases, the regular office staff did not ask 
any questions or confront the researcher in any way.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/