What is Tailgating in Cyber Security?

The current threat landscape forces organizations to focus on cybersecurity and the challenges of protecting their computing resources and intellectual property from cyberattacks. This focus is well justified as the prevalence of attacks and their sophistication continues to increase. Companies that fail to take the threat seriously put their IT environment and valuable data resources at unnecessary risk.

While it is vitally important to implement robust cybersecurity measures, maintaining the physical security of an IT environment is of equal significance. Failing to adequately protect the facility housing a company’s hardware and employees presents a different category of risk. It can also offer an additional attack vector through which malware can be introduced to the environment.

What is Tailgating?

Tailgating is a simple type of social engineering attack where an unauthorized entity takes advantage of an opportunity in an attempt to gain access to a restricted area. Once access has been attained, the unauthorized actor can engage in many types of behavior that can damage the IT infrastructure, lead to a data breach, or cause physical harm to onsite personnel.

How a Tailgating Attack is Perpetrated

Threat actors have multiple tailgating techniques from which to choose. The one they employ in a given situation is often determined by the type of security they need to subvert to gain access. Their method may also be influenced by the volume and type of traffic that passes through the entry point they plan to exploit.

The following common methods of tailgating are employed by threat actors trying to get into a restricted area.

• Following closely behind an authorized person works in situations where authorization is granted via a card swipe or another electronic method and there are no safeguards to prevent multiple people from entering the facility.
• Doors that are propped open by personnel taking a break and wanting to avoid an authorized reentry offer threat actors a simple way inside.
• Opening slowly closing doors before they fully shut is another way to take advantage of the physical conditions of the facility.
• Impersonating delivery or service personnel is a more risky method of tailgating as it typically demands the threat actor to present themselves to someone in authority to gain entry.
• Taking advantage of common courtesy is often a tactic used when tailgating. Calling out, “Please hold the door,” will usually get a positive response and may allow an unauthorized person through the entry.

In many cases, the perpetrator will conduct surveillance to determine the best method of defeating security. Considering the above tailgating methods, a threat actor could determine when deliveries are expected, which doors close slowly, and which doors may be propped open during the day from observing the area.

Why Tailgating Works

In some cases, as with the slow-moving doors, threat actors are simply taking advantage of the conditions that present themselves. Tailgating also involves preying on human nature and the tendency of people to be courteous and trust others unless given a reason to be skeptical. Courtesy and trust are the tools used when impersonating delivery personnel or calling for the door to be held open.

Dangers of a Tailgating Attack

Tailgating can be extremely dangerous for the victimized facility. Following are the dangers possible from successful tailgating.

• Physical damage and vandalism - Threat actors can cause a lot of damage to computing hardware in a short time.
• Personal danger to employees - Unauthorized personnel may cause physical harm to employees and support staff.
• Data theft - The purpose of the incursion may be to access systems and steal valuable data.
• Equipment theft - Once inside the facility, criminals can steal equipment.
• Reconnaissance for future attacks - The purpose of a tailgating incident may be to provide more extensive knowledge regarding the facility for future and more damaging attacks.
• Defeating air-gapped defenses - Threat actors who gain access to air-gapped IT facilities can plant malware directly into the environment via infected USB drives.

How to Prevent Tailgating

Tailgating can be prevented with a combination of the following measures.

• Employee training - The most effective preventative measure is to have a fully trained and security-conscious workforce. Everyone needs to understand their responsibilities in keeping the facility secure and the dangers of lax security.
• Smart cards and badges - All authorized personnel should have a smart card or badge and barriers should be in place that require every person to authenticate before being granted access.
• Biometric access controls - Biometrics offer more secure access controls that cannot be subverted with a stolen ID card or badge. As with card entry, measures must be enforced to ensure that only the authenticated individual is allowed to access the facility or room.
• Human security guards - The presence of human security guards can be used to strengthen any method of automated entry. Guards can verify that only one person is entering at a time. Guards can also be used to confirm a person’s identity before permitting entry.
• Video surveillance - Video surveillance systems used in conjunction with automated authentication or human security guards can monitor the facility. Detected anomalies can be quickly identified and investigated further by onsite security personnel.

The bottom line is that it takes a concerted effort to maintain the physical security of a restricted facility. Robust technical defenses can be defeated by a single person trying to be nice and holding the door for a stranger.

Limiting the Damage of a Tailgating Attack with XDR

XDR cannot stop tailgating nor prevent a threat actor who has gained access to the environment from planting malware. XDR’s value comes from limiting the damage of a tailgating attack that is targeted at an organization’s IT systems by:

• Identifying malware activity resulting from the tailgating attack;
• Identifying subtle lateral movements and weak signals of sophisticated threat actors;
• Alerting security personnel of detected anomalies that may point to the presence of threat actors.

Implementing the necessary measures to minimize the risks of tailgating should be considered best practice for all organizations that operate a physical data center. Once threat actors have breached your defenses, XDR can help detect their malicious activity and limit its spread and the amount of damage it can cause.

XDR is a cloud-based platform suitable for companies of all sizes. The experts at Samurai will show you how to incorporate this advanced security solution into your existing environment. The addition of XDR enhances your ability to protect your valuable assets from the dangers of sophisticated threat actors.