Risk: Informational
A total ban on smoking is fast approaching in all UK workplaces and NTA Monitor believes that this may leave companies vulnerable to a growing security threat - gaining corporate information via social techniques.
In a recent social engineering test undertaken by NTA, a tester was able to easily gain access to a corporate building through a back door that was left open for smokers. Once inside, the tester requested to be taken to a meeting room, claiming that the IT department had sent him. Even without a pass, he gained access unchallenged and was then able to connect his laptop to the VoIP network via a telephone point.
Roy Hills, Technical Director at NTA Monitor, comments: "It used to be that companies 'left the back door open' in terms of Internet security. Now they are literally leaving their buildings open to accommodate smokers. We are experiencing a surge in demand for social engineering tests as hackers are turning to social techniques to infiltrate corporate networks.'
'This latest social engineering test has proved that once inside a corporate building, an attacker can use social methods on employees to gain access to restricted areas and information if a rigid staff pass system is not in place."