/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2015/08/ID-100260833.jpg)
Anil Chopra
To increase productivity, many organizations are creating open workspaces without walls and cubicles. As a result, it is more likely that sensitive and confidential documents will be visible to prying eyes making Visual hacking a prevalent problem for the organizations and individuals.
Sensitive information can be read or stolen by either a curious individual or a malicious hacker from the displays of laptops and smartphones of unsuspecting individuals as well as in paper documents that are left in plain sight on desks, printers, conference tables, and other office locations or outside meeting sites.
A global study conducted by 3M and Ponemon Institute across 8 countries on the growing prevalence of data theft called ‘visual hacking or shoulder surfing’ (act of gathering someone's information or credentials by visual means by looking over someone's shoulder). India has been reported as the highest(100%) vulnerable country for ‘visual hacking’.
In a Q&A, Sanjiv Das, Product Manager, optical films, 3M India speaks more on the concerns and the pre-emptive measures that can be taken by the individuals to protect the confidential and sensitive information from prying eyes.
How serious is visual hacking in India as compared to other forms of hacking?
Considering the nature of business nowadays is homogenous across the world, with much of the work spread over continents and countries, the risks in India would be similar to the risks in rest of the world. Though it is challenging to ratify the seriousness of a type of threat as it changes based on environment, type of data, mobility, etc. we can attempt to analyze the threat by judging the responses put in place for the same. We see almost every organization in India take adequate steps like firewalls, antivirus, locks, data wipe, etc. to counter online threats as well as physical theft of devices. However, not many organizations are aware of, or provide security measures for confidential on-screen data like passwords, customer details, credit card and financial information, payroll details, business financials, etc. that may be hacked in an aeroplane, lounges, customer places or open offices. Given such circumstances, the threat of visual hacking in India seems high purely due to low awareness and preparedness to take counter measures.
Which sectors and industries are the most vulnerable to visual hacking?
Almost every organization has some area where it needs visual privacy. While audit and consultancy firms, IT and ITeS companies, design houses etc. do have a larger workforce carrying sensitive data in their devices, one would always find the top level executives, travelling employees, customer facing personnel needing protection from visual hacking. Even within an organization that faces no visual hacking threat, the HR and payroll department might want to protect visual privacy.
What kind of users are vulnerable to visual hacking?
Visual hacking can be described as an act of gathering someone's information or credentials by visual means. It can be done by looking over someone's shoulder when they are operating their gadgets like phone, laptops, tablets etc. When an attacker looks into the screen of nearby gadget to steal information about the user, then it is included in visual hacking. Anyone and everyone can be a victim of visual hacking. Not just employees of a company, but a common man travelling by bus/trains/metros, etc. can very well be a victim of password theft/personal social account hacking, etc.
In the industry, users who travel and work in aeroplanes, buses and trains etc, top executives who carry high level confidential data, designers, HR and payroll, employees of companies processing credit card and financial information for others, employees of firms who work on projects from overseas clients with strong data protection legislations are the ones who are most affected by visual hacking .
What should one do to avoid being a victim of visual hacking?
One needs to be sensitive to his environment and take adequate steps that confidential data is not exposed. However, in most cases this affects employee productivity. So, measures like using a privacy screen guard for computers, phones or tablets are highly recommended.
Could you highlight a few serious cases of visual hacking in India?
We are not in a position to divulge specific information. However, in 2016, 3M commissioned an experiment involving white hat hacking of participating companies across the globe. An ethical hacker was sent in to the participating company premises in an attempt to visually hack as much data as possible. Organizations from India were also involved in this experiment. Unfortunately, in the 22 attempts made on companies inside India, 121 pieces of information were collected which translates to 5.5 pieces of information per attempt. This figure is the highest in the world, surpassing countries like Korea, China, Japan, Germany, US, France and UK.
Could you share some important findings from the study?
Here are some more results from the experiment:
a . Visual hacking is a global problem. Visual hacking occurred in all countries and 91 percent of 157 visual hacking attempts (trials) were successful.
b . A company’s most sensitive information is at risk. Twenty-seven percent of the data hacked is considered sensitive information like access and login credentials, classified documents, financial and accounting information and attorney privileged documents.
c . Certain situations are riskier. Documents on vacant desks and data visible on computer screens are most likely to be hacked.
d . Visual hacking happens quickly. It took less than 15 minutes to complete the first visual hack in 49 percent of the hacking attempts.
e . Office workers are timid about confronting a visual hacker. In 68 percent of the hacking attempts, office personnel did not question or report the visual hacker even after witnessing unusual or suspicious behaviour.
f . Office layout affects visual hacking. Traditional offices and cubicles make it easier to protect paper documents and more difficult to view a computer screen. In contrast, the open floor plan appears to exacerbate the risk of visual hacking.