Evidence Solutions, Inc., (ESI) is a premier forensics company founded in 1982.

Computer Data Breach Expert:

Visual Hacking: A Threat Most Organizations Miss!

Is Visual Hacking Happening in Your Organization?


By Scott Greene

The Ponemon Institute, based in Traverse City, MI, recently investigated the ability of researchers to collect sensitive information from 43 corporate offices. The study was sponsored by 3M Corporation, a publicly traded company headquartered in St. Paul, MN. Here are some of the results:


Hacking & Hacker Definitions:

Visual Hacking: A low-tech method of collecting information. The hacker generally visually captures sensitive, confidential and private information for unauthorized use.

White Hat Hacker: An “ethical hacker”; a person who hacks for good, finding vulnerabilities in their own or another organization and reporting them so they can be fixed.

Black Hat Hacker: Someone who hacks maliciously or for personal gain.

The Ponemon group of researchers had valid temporary employee identification for seven corporations. The management of the corporations was aware the research was happening. However, the office staff had no knowledge of it.

In 88% of the offices, the visual hackers were able to collect sensitive organization information. They did so simply by wandering around the offices.

The visual hackers spent up to two hours in each office. In general, the researcher wandered around, collecting documents marked as “Confidential” and taking pictures of computer screens. The collected documents were actually put into the researcher’s briefcase in full view of regular employees.

In the vast majority of the offices, the regular office staff did not ask any questions or challenge the interloper in any way. In the 43 offices visited, the hacker was confronted by employees only seven times when using a phone or camera to take photos. When collecting confidential documents to steal, the Ponemon hackers were confronted by a company employee only four times. When looking at items in people's workspaces, at computer monitors, and at printers, copiers and fax machines, the intruder was challenged only twice.

In only one office was the activity of the white hat hacker reported to management.

In about half of the locations investigated, it took the investigator less than 15 minutes to find and collect sensitive information. A black hat hacker may have more or less time in the office, but a malicious insider could have all the time in the world.

Information collected included employee directories, customer information, financial data, access and login credentials and confidential documents. In one location, a researcher operated an employee’s computer, displayed an Excel spreadsheet and took a picture of it with a cellphone.

In more open offices with cubicles, the researchers were able to gather more information than in offices where private offices were more prevalent. Customer service, communications and sales management areas were more vulnerable to visual hacking, while legal, accounting and finance areas were least vulnerable. Interestingly, IT help desk and data center operation areas fell roughly in the middle. In Research and Development departments, however, the hackers were not able to collect sensitive information.

Companies fared better where awareness and mandatory training were part of employee education. Also, organizations which had clean desk policies, standardized document shredding policies, and suspicious activity reporting processes were much more secure.

Evidence Solutions’ experts believe education is key. Share this newsletter and take the time to educate your staff and employees. It will pay big dividends in the long run.
