The Ponemon Institute on behalf of 3M and the Visual Privacy Advisory Council, performed experiments with visual hacking techniques and the results were surprising. Ponemon hired a computer security expert as a hacker and gave him access to eight firms through a temporary worker badge. What the institute found was disturbing.
The hacker achieved success in close to 90% of the attempts. This included access to sensitive corporate information on a workers desk or computer screen. Information included contact lists, customer information, corporate financials, and employee access and login credentials.
According to the report, ‘The hacker used three techniques to obtain the information: walking through the office looking for information on desks, computer screens and other locations; taking business documents labeled as confidential; and using his smartphone to take a picture of confidential information displayed on computer screens. What’s more, the hacker used these techniques in plain view of employees. In fact, 70 percent of the time, the expert was not stopped by employees. Even when he was stopped, he was still able to steal some sensitive information.’
What I find interesting, in only one case did someone ask why the person was there and why they were taking pictures. Curiously the same experiment in a traditional office layout did yield as much hacking success.
Since Ponemon granted security access to the firms being hacked, in reality, they may have been stopped by security.
Still, interesting findings.