Smokers as a risk for corporate security
British security service provider NTA Monitor says that a complete ban on smoking in corporate buildings may endanger IT security in companies, among other things. The problem occurs when smokers have to leave the building to smoke outside. They then literally leave backdoors open for attackers.
These concerns stem from what may be a new source of risk to IT security. Often, attacks on corporate IT infrastructures do not come from the internet; instead, attackers enter the building physically by means of "social engineering" tricks and then connect to the local network in empty offices, where they install spyware or gather data. They do not need trojans or holes in the firewall to do any of this. During a penetration test, a staff member at NTA Monitor reportedly took advantage of a door left open by smokers to enter a building and get all the way to a conference room.
Social engineering attacks are nothing new. For years, providers of penetration tests have been offering to conduct such attacks, disguised as staff refilling snack vending machines and water dispensers or as maintenance staff for copy machines. But NTA Monitor says that demand for such testing is growing. The service provider did not say whether this demand might be due to the possibility of a ban on smoking.
- No smoke without fire, report from NTA Monitor