Police Warn of Physical IT Risk from Malicious Contractors

Organized crime groups are increasingly looking at ways to physically access IT infrastructure via insiders in contracting firms, police cyber-chiefs have warned.

Shelton Newsham, manager of the Yorkshire and Humber Regional Cyber Crime Team, reportedly told the SINET Global Cybersecurity Innovation Summit last week that gangs are placing their own people in cleaning companies, in order to target corporate networks.

“Exploitation of staff is a key area”, Newsham said, according to CBR.

“Organized crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’ll also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.”

Jake Moore, cybersecurity specialist at ESET, argued that both cyber and physical security are crucial to maximizing protection of corporate assets, but that it’s a difficult message to get through to the board, especially given the costs involved.

“The best way to realize a business’s own flaws is to conduct a basic penetration test that involves both physical and cyber-threat vectors, and this will easily highlight where those risks lie,” he added.

“It would be arrogant to think that your business does not have weaknesses, so it is best to test these out using red team professionals who will acknowledge any weak points that need addressing.”

The warnings from Yorkshire police echo those made at Infosecurity Europe last year, when Holly Grace Williams, technical director at Secarma, 
Support the originator by clicking the read the rest link below.