Electronic defenses, especially perimeter defenses, can be defeated if attackers gain physical access to IT assets. If an attacker can reach an office, the attacker could:
- Install hardware keyloggers to capture keystrokes, including usernames and passwords
- Pose as a driver from a parcel delivery service and pick up backup tapes and disks
- Engage in social engineering with office staff to learn about security procedures, office policies, and the names of executives and managers in the office
- Use a rogue device to access a poorly secured wireless network
Any one of these ploys might not be enough to compromise a system or result in a disclosure, but they can provide pieces of the security puzzle that the attacker is trying to assess. Physical access controls, surveillance, and security awareness training are countermeasures to this type of threat.
From increasingly sophisticated malware to social engineering to physical threats, there are many ways to fall victim to information security attacks. With a large set of countermeasures at one's disposal, the question arises: how to choose among them?
How to Assess and Mitigate Information Security Threats
- Malware: The Ever-Evolving Threat
- Information theft and cryptographic attacks
- Attacks targeted to specific applications
- Threats to physical security
- Balancing the cost and benefits of countermeasures
This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.