Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on August 30, 2016

GLOBAL EXPERIMENT SHOWS JUST HOW EASY VISUAL HACKING IS TO ACHIEVE

By Peter Barker, 3M

We all know that security is a concern and a big focus for the financial services industry worldwide.  Most of us are also pretty familiar with the typical types of security problems or breaches, but are perhaps less aware of what is known as visual hacking.  However, the results of a global experiment carried out by the Ponemon Institute and sponsored by 3M, the science-based technology company, has demonstrated that this form of security risk is worryingly easy and fast to execute.  Worldwide, 91 per cent of visual hacking attempts were successful.

 Before we look at the results in more detail, let’s remind ourselves exactly what is visual hacking.  Put simply, it is the ability to obtain sensitive information by viewing someone else’s screen, whether in the office, on the move or working remotely.  Think about it: how many visual displays do most of us have? Many workers will have a desktop monitor, a laptop, a mobile phone and some kind of tablet device, perhaps more.  That’s four areas of potential vulnerability.

 A global experiment

The Global Visual Hacking Experiment conducted by the Ponemon Institute highlighted the potential risks of not securing information from prying eyes.  The 2016 experiment covered eight countries in total:  Germany, South Korea, Japan, India, France, China and the UK , and followed on from an initial project in the US in 2014.  A total of 157 ‘trials’ were carried out, across a broad array of organisations including the financial services sector, with company sizes ranging from less than 25 to more than 100 employees.

In the experiment, a ‘white hat’ visual hacker (a computer security expert, specialising in testing the security of organisations’ information systems) assumed the role of temporary office worker and was assigned a valid security badge worn in visible sight.  Total estimated time for the study was two hours.  Participating companies were provided advance notice approximately two days before each trial.

The white hat hacker attempted to visually hack sensitive or confidential information using three methods: walking through the office scouting for information in full-view on desks, monitor screens and other indiscrete locations like printers and copy machines; taking a stack of business documents labelled as confidential off a desk and placing it into a briefcase; and using a smartphone to take a picture of confidential information displayed on a computer screen. All three of these tasks were completed in full-view of other office workers at each participating company.  The white hat hacker was only confronted in a global average of just 32 per cent of attempts.

 Result highlights

Out of all the information obtained that was deemed sensitive, 52 per cent was obtained by viewing people’s screens.  The best performing country – Germany – was 33 per cent, with  South Korea the worst at 70 per cent.  Around half of all successful hacks took 15 minutes or less to achieve.

 Not all departments were equally vulnerable.  The office functions easiest to hack were sales, customer services and communications, followed by accounting and finance, and human resources.  The most secure were legal, closely followed by Quality Assurance and R&D.

 Information obtained was wide-ranging and included: personal ID, customer data, employee details, general business correspondence, access and log-in credentials, confidential or classified documents, attorney-client privileged documents, financial, accounting and budgeting information.

 Light on the horizon

Where visual security practices were in place there was a global average reduction in successful hacks by 26 per cent.  Measures to mitigate visual hacking are often very simple, such as clean desk policies, document shredding, or simply just educating employees around the need to be protect visually accessible information more efficiently.  Also be aware of visitors and contractors who might present a security risk.

 Other measures might include use of screen-savers and automatic log-in after a few minutes of inactivity.  Plus, just ensuring that screens are not positioned at an easily viewable angle is a step in the right direction.

 Another, more robust approach is to use privacy filters.  Already adopted by a variety of financial institutions, these are film-based devices that can be slipped on and off a variety of screens, from desktop monitors to smartphones.  Once in place, the on-screen data is only visible either at very close range and ‘straight on’, so it is effectively invisible to someone looking over a shoulder or taking a sideways glance.

 Above all, visual privacy needs to be a management-level topic and an integral part of overall security strategies, rather than just an afterthought.   Putting in place visual hacking controls is only one part of a much bigger security challenge, but it is one that is relatively simple and cost-effective for the financial services industry to address.

3M is a trademark of 3M Company.

Recommended for you

  • Alaamry Global Capital’s Annual Letter: Saudi Investor Khalid Alaamry on Strategic Thinking for International Markets.

  • Enhancing Guest Loyalty in Hospitality: The Impact of Personalized Services on Customer Satisfaction

  • Building Brand Equity in Luxury Goods: The Role of Heritage and Craftsmanship