Boon Edam Inc., a global pioneer in security entrances and architectural revolving doors, announced the results of a survey regarding the risks and security threats associated with tailgating. A majority of the respondents, made up of security professionals, believe that tailgating remains a critical threat and does not seem to be abating.

Risk of a breach

More than 185 end users and security advisors (consultants and integrators) within the U.S. and Canada responded to eight multiple-choice questions. All respondents shared the same three questions to begin the survey about their general perspective on the risk of a breach from tailgating.

End users and the security advisors were then posed different questions to gain more insight into their perceptions about tailgating vulnerability within a facility versus across various industries. Participants were volunteers that responded to social media ads or were in Boon Edam’s contact database. 

Guards and barriers

Based on what participants have seen in the media over the past decade, 69% of all the respondents believe that security breaches resulting from tailgating are either holding at the same levels or increasing. End-user perception of an increasing trend was greater, with more than 43% saying they thought it was increasing, while only 35% of security advisors echoed that opinion.

In response to this perceived threat, a strong majority of all respondents (77%) say that “guards and barriers” and “unmanned barriers that prevent tailgating” are effective methods to curtail tailgating, but only 18% of end-user respondents indicated they were using either option. There is also a sharp divide between end users and security advisors when it comes to the impact of a tailgate breach.

Physical attack on the IT environment

Eight percent of end-user respondents believe the cost of violent crime or theft due to tailgating is insignificant, while none (0%) of the security advisors agree. However, 54% of end users and 72% of security advisors believe the cost of a breach would be $500,000 up to “too high to measure.” This means that 46% of end users see the potential cost as lower than $500,000, while only 28% of security advisors believe the same.

“The risk of tailgating (or the impact) depends on the nature of the business, the type of area and the risk scenarios to be expected. Theft of company goods, valuables, unauthorized entry of press, eavesdropping for espionage or a physical attack on the IT environment,” says one respondent.

Turnstiles, security doors

The survey also highlights the fact that most end user respondents realize that their facilities are vulnerable to physical infiltration. The majority (78%) are taking a reactionary stance to deal with tailgating (using an access control system, guards, cameras and video management software). At the same time, the majority (74%) fail to track tailgating, yet they believe they are vulnerable to a physical breach from tailgating (71%).

Only 18% of end users say they are currently using some kind of security entrance (turnstiles, security doors), in addition to other options to physically control access into their facilities. Four percent say they are not using any security technologies at all to curtail tailgating and only 54% say they must comply with government regulations.

Potential impact of tailgating

The survey demonstrates that security advisors seem to grasp the potential impact of tailgating better than their end-user clients in many cases. A solid majority of security advisors say they discuss the use of security entrances with their clients, with 63% saying they discuss with them ways to mitigate the risk of tailgating and another 68% add that they discuss means to comply with industry regulations.

“Our survey shows that security end users and advisors in the Americas see tailgating as a threat that is growing and more needs to be done to address it,” comments Valerie Anderson, President of Boon Edam Inc. “Also, the cost of tailgating breaches is seen as potentially very expensive to priceless -- this indicates there will be continued investments in tailgating prevention at facilities in the coming years.”

Prevent physical intrusion

While both end users and security advisors agree on the threat posed by tailgating, this survey also demonstrates that their perceptions differ.

  • Both end users and security advisors overall see tailgating as a serious issue and there is a high level of perceived vulnerability. A strong majority believes that what they have is not enough to prevent physical intrusion and they understand that physical barriers are the best approach (with guards when applicable).
  • Security advisors see the potential costs of a breach as more expensive than end users – likely because of their exposure to more data concerning breaches and the impact on organizations. They may need to find a way to convince end users the cost of a breach is more expensive than perceived.
  • A majority of security advisors understand and recommend security entrances to mitigate tailgating, but a minority of end users have invested in them even when a majority of them believe they are vulnerable. This implies there are justification and/or budget and approval hurdles to overcome.
  • A majority of end users and security advisors are aware of industry regulations and the need to comply with them. However, a solid majority of end users use reactive, forensic strategies for addressing tailgating (alarming and responding after the fact), which may put them at additional risk of incurring hefty fines.

In case you missed it

Water Plant Attack Emphasizes Cyber’s Impact On Physical Security

At an Oldsmar, Fla., water treatment facility on Feb. 5, an operator watched a computer screen as someone remotely accessed the system monitoring the water supply and increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The chemical, also known as lye, is used in small concentrations to control acidity in the water. In larger concentrations, the compound is poisonous – the same corrosive chemical used to eat away at clogged drains.

The impact of cybersecurity attacks

The incident is the latest example of how cybersecurity attacks can translate into real-world, physical security consequences – even deadly ones.

The computer system was set up to allow remote access only to authorized users. The source of the unauthorized access is unknown. However, the attacker was only in the system for 3 to 5 minutes, and an operator corrected the concentration back to 100 parts per million soon after. It would have taken a day or more for contaminated water to enter the system.

In the end, the city’s water supply was not affected. There were other safeguards in place that would have prevented contaminated water from entering the city’s water supply, which serves around 15,000 residents. The remote access used for the attack was disabled pending an investigation by the FBI, Secret Service and Pinellas County Sheriff’s Office.

On Feb. 2, a compilation of breached usernames and passwords, known as COMB for “Compilation of Many Breaches,” was leaked online. COMB contains 3.2 billion unique email/password pairs. It was later discovered that the breach included the credentials for the Oldsmar water plant.

Water plant attacks feared for years

Cybersecurity attacks on small municipal water systems have been a concern among security professionals for years. Florida’s Sen. Marco Rubio tweeted that the attempt to poison the water supply should be treated as a “matter of national security.”

“The incident at the Oldsmar water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals,” comments Mieng Lim, VP of Product Management at Digital Defense Inc., a provider of vulnerability management and threat assessment solutions.

“Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary,” Mieng Lim adds. “Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.”

“This event reinforces the increasing need to authenticate not only users, but the devices and machine identities that are authorized to connect to an organization’s network,” adds Chris Hickman, Chief Security Officer at digital identity security vendor Keyfactor. “If your only line of protection is user authentication, it will be compromised. It’s not necessarily about who connects to the system, but what that user can access once they’re inside.

“If the network could have authenticated the validity of the device connecting to the network, the connection would have failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point.”

“The attack on Oldsmar’s water treatment system shows how critical national infrastructure is increasingly becoming a target for hackers as organizations bring systems online for the first time as part of digital transformation projects,” says Gareth Williams, Vice President - Secure Communications & Information Systems, Thales UK. “While the move towards greater automation and connected switches and control systems brings unprecedented opportunities, it is not without risk, as anything that is brought online immediately becomes a target to be hacked.”

Operational technology to mitigate attacks

Williams advises organizations to approach Operational Technology as its own entity and put in place procedures that mitigate against the impact of an attack that could ultimately cost lives. This means understanding what is connected, who has access to it and what else might be at risk should that system be compromised, he says. “Once that is established, they can secure access through protocols like access management and fail-safe systems.”

“The cyberattack against the water supply in Oldsmar should come as a wakeup call,” says Saryu Nayyar, CEO, Gurucul. “Cybersecurity professionals have been talking about infrastructure vulnerabilities for years, detailing the potential for attacks like this, and this is a near perfect example of what we have been warning about,” she says.

Although this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results, says Nayyar. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments, she advises.

Fortunately, there were backup systems in place in Oldsmar. What could have been a tragedy instead became a cautionary tale. Both physical security and cybersecurity professionals should pay attention.

What Are The Positive And Negative Effects Of COVID-19 To Security?

The COVID-19 global pandemic had a life-changing impact on all of us in 2020, including a multi-faceted jolt on the physical security industry. With the benefit of hindsight, we can now see more clearly the exact nature and extent of that impact. And it’s not over yet: The pandemic will continue to be top-of-mind in 2021. We asked this week’s Expert Panel Roundtable: What have been the positive and negative effects of Covid-19 on the physical security industry in 2020? What impact will it have on 2021?

Expert Roundup: Healthy Buildings, Blockchain, AI, Skilled Workers, And More

Our Expert Panel Roundtable is an opinionated group. However, for a variety of reasons, we are sometimes guilty of not publishing their musings in a timely manner. At the end of 2020, we came across several interesting comments among those that were previously unpublished. Following is a catch-all collection of those responses, addressing some of the most current and important issues in the security marketplace in 2021.