The goal of a cyber attack is to circumvent the defenses put in place by the target in order to achieve various nefarious goals.
Some cybercriminals rely predominantly on their expert understanding of information technology systems and the exploits they contain. But there are also cybercriminals who don’t bother with the direct exploitation of IT systems because they know how to break the weakest link in the cybersecurity chain: the human element.
Their weapon of choice is social engineering, which revolves around the psychological manipulation of people into performing actions that are against their best interest or divulging confidential information.
Social engineering techniques play a role in 98 percent of cyber attacks. One particularly dangerous and often overlooked social engineering technique is the so-called tailgating attack. Understanding how this attack works will help you protect your organization against it.
Tailgating, in social engineering and in cybersecurity generally, gets its name from the tailgating problem most of us are personally familiar with from driving.
During a tailgating attack, someone who isn’t authorized to enter a certain area walks behind an authorized employee, relying on the employee to open doors and otherwise provide access to the area.
In many cases, the tailgated employee has no idea that they’re letting a stranger in. Sometimes, however, the tailgater asks an unsuspecting employee to hold the door open for them while pretending to be a delivery driver or a legitimate visitor. This type of tailgating is often called piggybacking.
Because of how tailgating attacks work, they’re most effective when used to target organizations with multiple entrance points and a large number of employees. That said, tailgating has been successfully used even against small and medium-sized organizations, making it one of those threats that nobody can afford to ignore.
To increase their chances of success, attackers often combine tailgating with other social engineering techniques, such as phishing, smishing, vishing, and baiting attacks.
Tailgating attacks don’t rely on malware, but the installation of malware on a computer located in a restricted area may be the end goal. Other common goals include the theft of private or sensitive information and the disruption of IT systems.
Let’s take a look at several examples of tailgating to better explain how this social engineering attack works in practice.
Walking Through Open Doors
An attacker closely follows a legitimate employee to gain access to a restricted area. The closer the tailgater gets to the employee, the more it looks like they know each other.
Automatic sliding doors make it especially easy for tailgaters to circumvent security measures and walk right in because employees seldom look behind themselves when they go through them.
Posing as a Delivery Driver
Social engineers like to improve their odds of success by combining tailgating with impersonation. For example, they often pose as delivery drivers, wearing branded clothes and carrying packages.
Since most organizations receive deliveries on a regular basis, employees generally don’t think twice when they see someone who looks like a delivery driver walking in a restricted area.
Pretending to Have Forgotten Their ID
This form of tailgating usually works only when the target is a large organization whose employees don’t know one another well.
The attacker waits for an employee to gain security’s approval before asking them to hold the door open, explaining that they’ve forgotten their ID.
A firewall or endpoint protection software won’t help you prevent tailgating attacks, but that doesn’t mean that you’re defenseless. The key to preventing tailgating attacks is in strengthening the human element.
Most employees have no idea that tailgating attacks are a major threat. They also don’t properly understand the consequences of tailgating and the fact that it can lead to a costly data breach or extensive downtime caused by a malware infection.
That’s why organizations that have yet to address the threat of tailgating attacks should invest in security awareness training for all employees. To be as effective as possible, security awareness training should be performed on a regular basis by an experienced training provider.
A camera pointed at the entrance serves as a powerful deterrent, and it also helps spot suspicious activity—even after it has already happened. The ability to figure out how a security incident happened by watching archived security camera footage can save you from a lot of head-scratching in case a tailgater manages to infiltrate your organization and gain access to your systems.
Tailgating attacks can be made much more difficult to pull off using electronic access control systems that grant access to employees using smart cards and biometrics. Such systems have become fairly affordable, making them accessible even to organizations with limited budgets.
The only problem with electronic access control is that it can fail to deliver the desired results if employees are not trained to closely follow physical access control policies, regardless of how rude it may seem not to hold the door open for a delivery driver or someone who claims to have forgotten their ID.
Tailgating is frequently a means to an end, and that end is to physically gain access to a computer in order to steal sensitive information or infect the computer and other devices connected to the same network with malware.
Basic cybersecurity best practices, such as requiring employees to log off from their computers and other devices while these are not in use and storing all sensitive data in an encrypted form, can go a long way toward making it impossible for tailgaters to achieve their nefarious goals.
You may not always be able to prevent a tailgating attack, but you can always have an incident response plan in place so that you can respond swiftly to any breach of your organization’s physical perimeter while there’s still time to minimize its consequences. Since theory and practice can be quite disparate, you should test your incident response plan from time to time to verify your ability to respond appropriately.
Sophisticated malware, zero-day exploits, and other high-skill tactics used by cybercriminals make for attention-grabbing headlines, but most attackers still rely on the same social engineering attacks that made Kevin Mitnick infamous in the 1990s.
Tailgating is a particularly dangerous social engineering technique because it can be used to gain physical access to restricted areas in order to steal sensitive information or infect computers that would otherwise be difficult to access from the public internet.
Fortunately, there are multiple defenses that all organizations can easily implement to make it much harder for cybercriminals to pull off tailgating attacks. If you would like help with their implementation, don’t hesitate to contact us at Aligned Technology Solutions.