How Does Tailgating Work?
You may have already heard the term "tailgating" in the context of driving. In this scenario, a vehicle behind your car pulls up too close, preventing you from safely stopping. In the context of security, tailgating describes someone overstepping personal space to gain entry or information that would otherwise be off-limits. Tailgating uses social engineering tricks to obtain this entry or information. Once the tailgater has access, they will steal data, install malware or ransomware, or perform other nefarious deeds. As such, tailgating can be considered low-tech hacking, often combined with cyber techniques to cause harm to an organization.
The Outcomes of Tailgating
Apart from the apparent violation of employee trust, tailgating is used to perform various harms:
Unauthorized Access: Tailgaters often attempt to gain access to computers or other devices. They may obtain this by tricking employees into sharing their passwords, as 34% of employees share passwords with coworkers. Also, the attacker could ask to share a password of a less sensitive app only to use it with an app that holds customer or employee data; more than half of employees will reuse the same password for all work-related accounts.
Theft: Tailgating can lead to the theft of computers and other devices. The attackers could also steal personal items from employees.
Data Theft and Exposure: If a tailgating attacker can access a computer, they could potentially gain access to sensitive data. The attacker may be able to leverage login credentials that can then be used to escalate privileges. Any available data can then be exfiltrated and used to commit further crimes, harm the company's reputation, or sold on to cyber criminals. The theft and exposure of data also lead to non-compliance fines.
Malware and Ransomware Installation: Access to computers and networks allows a criminal to install harmful malware like ransomware. Keyloggers can also be installed and used to send further login credentials and other sensitive data to the criminal once they have left the building. This leaves the door open to carry out remote cyber-attacks.
Industrial Espionage and Sabotage: Industries like manufacturing are especially susceptible to industrial espionage and sabotage, but this can occur in any company. Industrial espionage often requires the theft of sensitive and proprietary information. Cyber-attacks are one method of obtaining this data, but tailgating can be another way to steal proprietary information.
Danger to Employees: Tailgaters are intruders and could pose a risk to employees.
Typical Tricks Used During Tailgating
Tailgating can use various tricks and manipulation to gain unauthorized entry or obtain information, like login credentials. However, some of the more common methods used in tailgating include the following:
- Walking behind you as you enter a restricted area, gaining entry without entering a key code or access card.
- Pretending to take a call to avoid speaking with a security guard (a tactic used by Colin Greenless).
- Wearing the uniform of someone who regularly enters the building, like a delivery person.
- Playing on people's willingness to help, e.g., having your hands full so you can't open a door, then getting a member of staff to use their entry code for access.
- Copying or faking an ID card.
How is Tailgating Linked to Social Engineering?
Tailgating involves many methods and limitless tactics that open doors for attackers. However, manipulating human behavior is essential to a successful tailgating attack. Social engineering, i.e., using deception to encourage people to perform an action that benefits an attacker, is central to tailgating.
Tailgating may be a low-tech attack method, but like its cyber cousin, phishing, it takes advantage of human behaviors. Tailgaters manipulate people into opening doors and sharing passwords by exploiting behaviors like group conformism and paying it forward (you do me a favor, and I'll do the next person a favor). People act in specific ways to keep the status quo. People like to help, keep work on an even keel, act in synchronicity with coworkers, and lend a helping hand. Tailgaters socially engineer employees into thinking the tailgater is a coworker, is delivering an essential package, or needs help understanding an app. As such, being able to manipulate people is a core tactic of tailgating.
Jennifer Marsh
How Can SafeTitan Help?
How can TitanHQ Prevent the Damage from Tailgating?
Unauthorized access is not just an issue for cyber security; it is a general problem that requires a human-centric solution. Tailgating exploits human behavior. To counteract tailgating, a company's training must cover the techniques and tactics used by criminals who exploit physical attack methods. These physical methods often lead to the same outcomes as a cyber-attack, like malware infection and data theft. Therefore, training employees to identify tailgating is as important as training them to identify any cyber threat.
TitanHQ provides a comprehensive security awareness training program covering all security aspects, including social engineering. SafeTitan provides social engineering training that teaches employees how to identify attempts to manipulate them into performing tasks that would benefit a criminal. SafeTitan is a behavior-led security awareness solution tailored to help individuals focus on their strengths and adjust to weaknesses. With regular tailored training, an employee can identify and stop a criminal's manipulative efforts using tailgating tactics.
SafeTitan also helps employees understand how a clean desk or lock screen policy can help prevent tailgating.
Security awareness training for staff will help prevent a successful tailgating attack alongside security measures such as security audits, CCTV surveillance, and robust physical access controls.