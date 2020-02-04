Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Police Warn of Physical IT Risk from Malicious Contractors

Organized crime groups are increasingly looking at ways to physically access IT infrastructure via insiders in contracting firms, police cyber-chiefs have warned.

Shelton Newsham, manager of the Yorkshire and Humber Regional Cyber Crime Team, reportedly told the SINET Global Cybersecurity Innovation Summit last week that gangs are placing their own people in cleaning companies, in order to target corporate networks.

“Exploitation of staff is a key area”, Newsham said, according to CBR.

“Organized crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’ll also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.”

Jake Moore, cybersecurity specialist at ESET, argued that both cyber and physical security are crucial to maximizing protection of corporate assets, but that it’s a difficult message to get through to the board, especially given the costs involved.

“The best way to realize a business’s own flaws is to conduct a basic penetration test that involves both physical and cyber-threat vectors, and this will easily highlight where those risks lie,” he added.

“It would be arrogant to think that your business does not have weaknesses, so it is best to test these out using red team professionals who will acknowledge any weak points that need addressing.”

The warnings from Yorkshire police echo those made at Infosecurity Europe last year, when Holly Grace Williams, technical director at Secarmaargued that physical intrusions too often go unreported by staff.

CISOs don’t just have to worry about cyber-criminal gangs exploiting physical access to target IT systems. Last year a former college student pleaded guilty to vandalizing computer equipment at his alma mater, the College of St. Rose in Albany, New York.

Vishwanath Akuthota used a “USB Killer” device he bought online to destroy IT kit with an electrical charge.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Maze Ransomware Hits Law Firms and French Giant Bouygues

2
News

Zynga Breach Hit 173 Million Accounts

3
News

Missile Engineer Arrested After Taking Secret Info to China

4
News

Quantum Computing is Here, Look to a Post Quantum Future

5
News

Cybersecurity Incident Mars Australian Freight Giant's Operations

6
News

US County's Computers Still Down Nine Days After Ransomware Attack

1
Editorial

The Road Goes Ever On (Q1 2020 Issue)

2
News

Police Warn of Physical IT Risk from Malicious Contractors

3
Webinar

Gain Control and Security of Your File Collaboration

4
News

Twitter Fixes API Bug That Unmasked Users

5
News

Suffolk iCloud Voyeur Gets 32 Months Behind Bars

6
Opinion

The Five States of Compliance Maturity: Building a Strong Training Strategy

1
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

2
Webinar

Making a SOAR Strategy Work For You

3
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

4
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

5
Webinar

New Year, New Decade, New Threats and Challenges

6
Webinar

The Insider's Motive: Defending Against the 7 Most Common Insider Threats

1
Blog

Big Data, Big Risks: Addressing the High-Tech & Telecoms Threat Landscape

2
News

#BSidesLeeds: Cyber is Running the World, More Innovation to Come

3
Interview

Interview: Shahrokh Shahidzadeh, CEO, Acceptto

4
Blog

Why the Travelex Incident Portends the Changing Nature of Ransomware

5
Interview

Interview: Jonathan Armstrong, Partner, Cordery

6
Opinion

The Risk of Increase in Social Cyber Security in 2020