Roughly 9 Out Of 10 Businesses Are Open To Visual Hacking, Study Finds
Sensitive information contained in documents on a worker’s desk, computer screen or around the office are often at risk of being stolen, according to findings from a global study released Wednesday.
The experiment, called the 2016 Global Visual Hacking Experiment, involved 157 trials from 46 participating companies across the U.S. and seven other countries. Maplewood-based industrial supplies manufacturer 3M sponsored the study, which was conducted by information security consultant Ponemon Institute as an expansion of a similar study it did in 2015.
Visual hacking—although different from a cyberattack or a data breach—in many cases can escalate a business’ chances of experiencing a digital security event. “In this study, 80 percent of respondents who self-reported their organizations had at least one data breach in a 12 month period said that 49 percent of these breaches involved the loss or theft of paper documents,” Ponemon’s 2015 study noted.
It its most recent experiment, visual hackers played the role of a temporary office worker and were assigned a security badge. They then attempted to gather sensitive or confidential information left in plain site through various methods, including: reading information displayed on a computer screen or desk, photographing that information, and even physically taking documents and placing them in a briefcase.
Approximately 68 percent of the time, office personnel did not question or report the visual hacker. The success rate for the visual hackers in both experiments averaged out at 91 percent.
Sensitive or confidential information the visual hackers managed to acquire ranged from login credentials to a customer’s payment information. Customer service departments and sales management offices were the most fruitful targets, the study noted, while organization’s with an open office floor plan were more susceptible to visual hacking than traditional office set-ups.
“The results of these experiments uncover the significant visual privacy risks that all organizations face globally, regardless of their size, business type or location,” said Dr. Larry Ponemon, founder of the Ponemon Institute and chairman of the 3M-sponsored Visual Privacy Advisory Council. “While visual hacking is often considered a low-tech threat, the repercussions can be just as detrimental as a high-tech cyberattack.”
A number of protective measures against visual hacking are noted in the study. Particularly, keeping desks clean and shredding confidential documents when they are no longer of use eliminates much of the risk. Also, privacy filters, which are placed on a computer or smartphone screen to block side glances from an unwanted person, were noted as a useful deterrent.