Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments. This risk was revealed in the 2016 Global Visual Hacking Experiment, an expansion of the 2015 Visual Hacking Experiment conducted in the U.S. by Ponemon Institute and sponsored by 3M Company. The global study included trials in China, France, Germany, India, Japan, South Korea and the U.K. The combined results found that sensitive information was successfully captured in 91 per cent of visual hacking attempts globally.
The global experiments involved 157 trials with 46 participating companies across eight countries. They exposed low-tech hacking methods as a significant risk to corporations around the world. The findings revealed that organizations need to create awareness among employees on protecting data displayed on device screens, as 52 per cent of the sensitive information captured during the experiments came from employee computer screens.
In the experiments, a white hat visual hacker assumed the role of temporary office worker and was assigned a valid security badge worn in visible sight. The white hat hacker attempted to visually hack sensitive or confidential information using three methods: walking through the office scouting for information in full view on desks; observing computer monitor screens and other indiscrete locations like printers and copy machines; taking a stack of business documents labeled as confidential off a desk and placing it into a briefcase; and using a smartphone to take a picture of confidential information displayed on a computer screen. All three of these tasks were completed in front of other office workers at each participating company.
Combined average highlights from the 2015 U.S. Visual Hacking study and the 2016 Global Visual Hacking study revealed the following:
- Visual hacking is a global problem. Visual hacking occurred in all countries where the experiment was conducted, with 91 per cent of attempts being successful.
- Employee computer screens are most at risk for visual hacking. Globally, 52 per cent of sensitive information was visually hacked from employee computer screens.
- A company’s most sensitive information is at risk. Of the visually hacked data, 27 per cent was considered sensitive information, including login credentials, attorney-client privileged documents, confidential or classified documents, and financial information. The information was deemed to be sensitive because of the potential security risk to the organization in the aftermath of a data-breach incident.
- Visual hacking happens quickly. It took less than 15 minutes to complete the first visual hack in 49 per cent of hacking attempts.
- Office workers are timid about confronting a visual hacker. In 68 per cent of hacking attempts, office personnel did not question or report the visual hacker even after witnessing unusual or suspicious behavior.
- Office layout affects visual hacking. Traditional offices and cubicles make it easier to protect paper documents and more difficult to view a computer screen. In contrast, an open floor plan appears to exacerbate the risk of visual hacking.
- Companies can take action. The experiment revealed that companies with sound, privacy-control practices experienced 26 per cent fewer visual privacy breaches on average.
“The results of these experiments uncover the significant visual privacy risks that all organizations face globally, regardless of their size, business type or location,” says Dr. Larry Ponemon, founder of Ponemon Institute and chairman of the 3M-sponsored Visual Privacy Advisory Council. “While visual hacking is often considered a low-tech threat, the repercussions can be just as detrimental as a high-tech cyber attack.”
As the expert in screen privacy, 3M offers the industry’s broadest line of privacy products to fit most of today’s popular devices. 3M Visual Privacy solutions can be applied to the screens of desktop monitors, laptops, tablets and smartphones to help organizations prevent visual hacking by protecting information displayed on screens and help comply with data privacy rules. Learn more at www.3Mscreens.com.