Visual hacking: A bigger threat than security professionals might think
Ninety-one percent of visual hacking attempts are successful, the attacks happen very quickly, and it can be nearly impossible to detect when someone steals a glimpse at protected health information and leaves a hospital, according to the 2016 Global Visual Hacking Experiment conducted by Ponemon Institute.
Visual hacking, which is physically spying on someone’s desk and computer screens, happens quickly. It takes less than 15 minutes to complete the initial hack in 49 percent of hacking attempts. And in 88 percent of U.S. trials, an undercover white hat hacker was able to visually hack information.
The global experiments incorporated 157 trials with 46 companies across eight countries to expose the low-tech hacking methods that pose significant risk to organizations. According to the findings, organizations need to educate employees on how to protect data displayed on device screens.
“The results of these experiments uncover the significant visual privacy risks that all organizations face globally, regardless of size, business type or location,” Ponemon Founder Larry Ponemon said in a statement. “While visual hacking is often considered a low-tech threat, the repercussions can be just as detrimental as a high-tech cyberattack.”
Some 52 percent of sensitive information captured during the experiments was visually hacked from an employee computer screen, the researchers found, while 27 percent of the visually hacked data was deemed sensitive information, including login credentials or other confidential or classified data.
What’s more, employees didn’t notice, question or report visual hacking in 68 percent of the attempts - even when they witnessed suspicious behavior. In general, the experiments found open floor plans increase the risk of visual hacking, while traditional offices and cubicles make it easier to fend off potential breaches.
Ponemon noted that it’s important for healthcare organizations to be more aware of visual hacking and to institute a privacy plan for data outside of the office, if only because companies with sound security practices had 26 percent fewer visual privacy breaches.