Science-based technology company 3M has revealed the results of a UK and worldwide experiment that demonstrates ‘visual hacking is a significant risk’.
The new 2016 study, completed by Ponemon Institute across eight countries and sponsored by 3M Company, found that sensitive information was successfully captured in 91 per cent of visual hacking experiments globally. In the UK, the rate of successful visual hacks, many of which were achieved by viewing people’s computer screens, was 87 per cent.
Peter Barker, Market Development Manager, EMEA, 3M Display Material and Systems Division, said, “The results highlight that visual hacking is a problem in the UK and also worldwide. It also happens very quickly and it proved alarmingly easy to obtain all kinds of sensitive information in the experiment. However, where visual hacking prevention measures are in place, the risk drops by more than a quarter. Clearly, UK organisations would benefit by building visual hacking prevention strategies into their security policies.”
In the experiment, a white hat visual hacker assumed the role of a temporary office worker and was assigned a valid security badge, worn in plain sight. The white hat hacker attempted to visually hack sensitive or confidential information using three methods: walking through the office scouting for information in full view on desks, monitor screens and other indiscreet locations like printers and copy machines; taking a stack of business documents labelled as confidential off a desk and placing it into a briefcase; and using a smartphone to take a picture of confidential information displayed on a computer screen. All three of these tasks were completed in full view of other office workers at each participating company.
25 per cent of successful visual hacks during the experiment were achieved because computer screens were not protected. Out of all the information deemed ‘sensitive’, 44 per cent was from this method. This was better than the global average of 52 per cent, but lagged far behind the Germans, with just 33 per cent. Sensitive information obtained included log-in details and financial and other sensitive information, including contact lists and customer data. In the UK, 51 per cent of successful hacks took 15 minutes or less.
The office functions easiest to hack were sales, customer services and communications, followed by accounting and finance, and human resources. The most secure were legal, closely followed by quality assurance and R&D. In the UK, hackers were not confronted in 61 per cent of cases (compared to a worldwide average of 68 per cent).
Where visual security practices were in place, such as clean desk policies, workplace monitoring and surveillance, training and awareness programmes, and standardised document shredding processes, there was a global average reduction in successful hacks of 26 per cent.