AbleToTrain by Willing & Able

What is a tailgating social engineering attack?

A tailgating attack is a social engineering attack in which an unauthorized individual sneaks in behind authorized personnel, or convinces staff that they are allowed to access a restricted area (e.g., business premises, commercial buildings, etc.). Tailgating is unique among cyberattack methods in that it requires an in-person actor attempting to bypass the physical protections on an organization's premises.

Tailgating in Social Engineering Attacks

Social engineering attacks rely on psychological manipulation of individuals. Protecting your organization from tailgating attacks requires:

  • Understanding what tailgating attacks are and common examples

  • Conducting regular security awareness training

  • Implementing robust identity and access management (IAM)

  • Establishing rapid incident response procedures

Tailgating Attack Examples

Referring to these threats as "tailgating computer attacks" can be somewhat misleading. Intruders may use tailgating to target physical IT infrastructure or to reach endpoints connected to an organization's network, but the attack method itself relies on a person gaining physical entry to restricted zones.

Common tailgating attack examples include:

  • Hold the door – An attacker pretends to be a coworker and asks someone entering the premises to hold a door open. The attacker may claim they've forgotten their ID card, or loiter around accessible break areas and engage in conversation with staff to strengthen the impression that they are a fellow employee.

  • Delivery or vendor identity – Attackers gain access by pretending to be delivering supplies, packages, groceries, or other items.

  • Borrowed device – An attacker may ask to borrow an employee's laptop or mobile device, claiming that their own battery is dead. While using the device, the attacker could install malicious software or save access methods for later use (such as copying user credentials).

“Tailgating” and “Piggybacking”

As the names imply, both tailgating and piggybacking rely on following authorized users into restricted areas. The slight difference between the two terms lies in whether the authorized user is aware of the intrusion attempt. In a piggybacking attack, the authorized user knows that someone is following them in (and typically lets them through); in a tailgating attack, the authorized user may not notice that someone is trailing behind them.

However, keep in mind that in many cases these terms can be used interchangeably.

Prevention of tailgate attacks

The best approach an organization can take to neutralize social engineering attacks is to train its members to recognize threat indicators and to implement strong digital and physical authentication policies: unlike security settings, people cannot simply be configured, they have to be trained. Organizations also need to develop a rapid incident response plan in case an intruder successfully crosses a physical boundary using the tailgating method.

Security awareness training

All organizations should provide regular cybersecurity awareness training to their employees. Short training sessions during onboarding are not enough. Employees need to know how to detect potential attacks, report them to the appropriate security personnel, and take action. Therefore, training topics should include phishing and tailgating.

However, keeping training material up to date and delivering it to employees can overwhelm the security team. If your day-to-day cybersecurity tasks already occupy enough of your team's bandwidth, consider hiring a specialist such as RSI Security to train your staff. In addition to guided training, employees' knowledge retention can be tested with simulated attacks. A phishing simulation sends harmless fake social engineering messages to employees to test whether they spot the indicators of common threats. Collect and analyze employee responses to determine whether there are recurring weaknesses, and use the results to further improve your training.

ID and access management

An identity and access management system governs user authentication and authorization. Authentication is the most commonly recognized part: the standard login method that requires a username and password to verify a person's identity. Authorization covers the permissions and privileges granted to a user depending on the user's job duties.

If you think of each organization's IT environment as a separate country, authentication is similar to presenting a passport at the border. Authorization is the set of regions of the country you may enter and the activities you may engage in once you are there. An IAM system provides significant protection against in-person social engineering attacks by requiring individuals to identify themselves at all physical and digital entry points. Most IAM systems focus on digital access, but many are also integrated with physical security systems and procedures.
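As an added example (not from the article) of tying physical and digital entry points together, the following Python script correlates constructed badge-reader events with on-site workstation logins and flags logins by users who never badged in within a plausible window, a common indicator that someone entered without passing the physical access control. The log layout, hostnames, and the time window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not real data): badge swipes at the building
# entrance and interactive logins, each with a location classification.
BADGE_EVENTS = [
    ("2024-05-06 08:02", "alice", "lobby-door-1"),
    ("2024-05-06 08:05", "bob",   "lobby-door-1"),
]
LOGIN_EVENTS = [
    ("2024-05-06 08:15", "alice", "ws-0142", "onsite"),  # badged in 13 min earlier
    ("2024-05-06 08:20", "carol", "ws-0177", "onsite"),  # no badge-in at all
    ("2024-05-06 09:00", "dave",  "vpn-gw",  "remote"),  # remote: no badge expected
    ("2024-05-06 19:30", "bob",   "ws-0150", "onsite"),  # badge-in is 11h25m old
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def logins_without_badge(badge_events, login_events, window=timedelta(hours=10)):
    """Return (user, host, time) for on-site logins with no badge-in by the
    same user within `window` before the login. Remote logins are skipped."""
    badges = {}
    for ts, user, _reader in badge_events:
        badges.setdefault(user, []).append(parse(ts))
    flagged = []
    for ts, user, host, location in login_events:
        if location != "onsite":
            continue
        t = parse(ts)
        if not any(t - window <= b <= t for b in badges.get(user, [])):
            flagged.append((user, host, ts))
    return flagged


if __name__ == "__main__":
    for user, host, ts in logins_without_badge(BADGE_EVENTS, LOGIN_EVENTS):
        print(f"ALERT: {user} logged in to {host} at {ts} with no matching badge-in")
```

Each alert is a prompt for the security team to check camera footage or the reader logs for that entrance, not proof of an intrusion on its own.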

Prompt incident response

Enterprises need to develop a rapid incident response plan in case a tailgater breaches the organization's physical perimeter or the controls that restrict access to specific areas. Notify your security team if you suspect that someone has bypassed your physical protections, or if you observe unusual user activity on your network.

Some organizations outsource these cybersecurity efforts to professionals who provide managed detection and response services. If continuous monitoring discovers a threat or vulnerability, notify the security team immediately, execute the defined response plan, mitigate the threat, identify the root cause, restore all services and operations, and prevent recurrence.