August 15, 2013
Heather Bearfield, National Technology Assurance Services Practice Group Leader, Quoted in The Wall Street Journal Article "The Overlooked Cyber Threat: An Unlocked Door"
By Christopher Matthews
As companies become increasingly attuned to the vulnerability of their computer systems to cyberattacks, many may be overlooking a more obvious hole in their protections: The front door.
While the threat of a hacker cracking the company firewall is real, cybersecurity experts say that a would-be data thief is just as likely to gain access to the company jewels by convincing an employee to hold open a locked office door.
Less common, but equally important, are so-called "physical penetration tests," in which an outside firm is hired to actually infiltrate a company's facility. Heather Bearfield, national leader of the Technology Assurance Services Practice Group at Marcum LLP, said about 50% of her clients hire the New York City-based consulting firm to do social engineering tests, like phishing emails, and a smaller subset of that 50% will ask for a physical penetration test.
According to Ms. Bearfield, some penetration tests involve simply observing employee habits. A client company might present a Marcum tester to employees as a temporary worker. The tester could then observe potential vulnerabilities in the office - passwords written on sticky notes, unlocked workstations - and then report back to the company, Ms. Bearfield said.
"We've even found an employee's personal wireless router hidden in a potted plant," Ms. Bearfield said.