Global Ponemon/3M study: most visual hacking attempts are successful

by Brianna Crandall — August 15, 2016 — Organizations around the world are at risk of sharing highly sensitive information through visual hacking in business office environments. This risk was confirmed in the 2016 Global Visual Hacking Experiment, an expansion of the 2015 Visual Hacking Experiment conducted in the United States by Ponemon Institute and sponsored by global technology giant 3M Company.

The global study included trials in China, France, Germany, India, Japan, South Korea and the United Kingdom. The combined results found that sensitive information was successfully captured in 91% of visual hacking attempts globally, with implications for facilities managers in the areas of workspace setup and security product purchases.

The global experiments involved 157 trials with 46 participating companies across the eight countries. They exposed low-tech hacking methods as a significant risk to corporations around the world. The findings revealed that organizations need to create awareness among employees on protecting data displayed on device screens, as 52% of the sensitive information captured during the experiments came from employee computer screens.

In the experiments, a white hat visual hacker assumed the role of a temporary office worker and was assigned a valid security badge, worn in plain sight. The white hat hacker attempted to visually hack sensitive or confidential information using these methods, all completed in front of other office workers at each participating company:

  • Walking through the office scouting for information in full view on desks;
  • Observing computer monitor screens and other indiscreet locations like printers and copy machines;
  • Taking a stack of business documents labeled as confidential off a desk and placing it into a briefcase; and
  • Using a smartphone to take a picture of confidential information displayed on a computer screen.

Combined average highlights from the 2015 U.S. Visual Hacking study and the 2016 Global Visual Hacking study revealed the following:

  • Visual hacking is a global problem. Visual hacking occurred in all countries where the experiment was conducted, with 91% of attempts being successful.
  • Employee computer screens are most at risk for visual hacking. Globally, 52% of sensitive information was visually hacked from employee computer screens.
  • A company’s most sensitive information is at risk. Of the visually hacked data, 27% was considered sensitive information, including login credentials, attorney-client privileged documents, confidential or classified documents, and financial information. The information was deemed to be sensitive because of the potential security risk to the organization in the aftermath of a data-breach incident.
  • Visual hacking happens quickly. It took less than 15 minutes to complete the first visual hack in 49% of the hacking attempts.
  • Office workers are timid about confronting a visual hacker. In 68% of the hacking attempts, office personnel did not question or report the visual hacker even after witnessing unusual or suspicious behavior.
  • Office layout affects visual hacking. Traditional offices and cubicles make it easier to protect paper documents and more difficult to view a computer screen. In contrast, an open floor plan appears to exacerbate the risk of visual hacking.
  • Companies can take action. The experiment revealed that companies with sound privacy-control practices experienced 26% fewer visual privacy breaches on average.

According to Dr. Larry Ponemon, founder of Ponemon Institute and chairman of the 3M-sponsored Visual Privacy Advisory Council:

“The results of these experiments uncover the significant visual privacy risks that all organizations face globally, regardless of their size, business type or location. While visual hacking is often considered a low-tech threat, the repercussions can be just as detrimental as a high-tech cyberattack.”

For more information about the study and how to help prevent visual hacking, visit the 3M Web site.

As an expert in screen privacy, 3M offers a broad line of privacy products to fit most of today’s popular devices. 3M visual privacy solutions can be applied to the screens of desktop monitors, laptops, tablets and smartphones to help organizations prevent visual hacking by protecting information displayed on screens, and help comply with data privacy rules.