August 15, 2013
Heather Bearfield, National Technology Assurance Services Practice Group Leader, Quoted in The Wall Street Journal Article "The Overlooked Cyber Threat: An Unlocked Door"
By Christopher Matthews
Featured: Heather Bearfield, Principal, IT Risk and Assurance
Excerpt:
As companies become increasingly attuned to the vulnerability of their computer systems to cyberattacks, many may be overlooking a more obvious hole in their protections: The front door.
While the threat of a hacker cracking the company firewall is real, cybersecurity experts say that a would-be data thief is just as likely to gain access to the company jewels by convincing an employee to hold open a locked office door.
Less common, but equally as important, are so-called "physical penetration tests," in which an outside firm is hired to actually infiltrate a company's facility. Heather Bearfield, national leader of the Technology Assurance Services Practice Group at Marcum LLP, said about 50% of her clients hire the New York City-based consulting firm to do social engineering tests, like phishing emails, and a smaller subset of that 50% will ask for a physical penetration test.
According to Ms. Bearfield, some penetration tests involve simply observing employee habits. A client company might present a Marcum tester to employees as a temporary worker. The tester could then observe potential vulnerabilities in the office - passwords written on sticky notes, unlocked work stations - and then report back to the company, Ms. Bearfield said.
"We've even found an employee's personal wireless router hidden in a potted plant," Ms. Bearfield said.
Marcum LLP is one of the largest independent public accounting and advisory services firms in the nation, with offices in major business markets throughout the U.S., as well as Grand Cayman, China and Ireland.
