Tailgating and Piggybacking
Tailgating is the act of entering a secure area without authorization by following closely behind a person who has been allowed to open the door or pass the checkpoint.
- instead of using the credentials, badge, or key normally needed to enter
- the authorized person may let you in intentionally or accidentally
- happens in most places that use technical access controls
Piggybacking is similar, but the attacker enters the secure area with an employee’s permission.
- e.g.,
  - impersonating a cleaning crew or delivery driver to get in
  - saying “I’ve forgotten my badge/card”
  - having an insider threat actor allow access without recording it in the entry log
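
Both techniques leave the same trace: a person is inside without a matching record in the entry log. The following is an added example, not part of the original notes, that reconciles badge events to find those gaps. It assumes a site with readers on entry and exit; the event format, reader names, and badge IDs are constructed for illustration.

```python
from datetime import datetime

# Constructed sample events from a hypothetical badge controller export:
# (ISO timestamp, badge id, reader name, direction). Not real log data.
SAMPLE_EVENTS = [
    ("2024-03-04T08:01:10", "B100", "lobby", "in"),
    ("2024-03-04T08:01:14", "B200", "server-room", "interior"),  # never badged in
    ("2024-03-04T08:30:00", "B300", "lobby", "in"),
    ("2024-03-04T12:00:05", "B100", "lobby", "out"),
    ("2024-03-04T12:05:00", "B400", "lobby", "out"),  # exit with no entry
    ("2024-03-04T12:40:00", "B300", "lobby", "in"),   # second entry, no exit between
    ("2024-03-04T17:00:00", "B300", "lobby", "out"),
]


def find_entry_log_gaps(events):
    """Return (timestamp, badge, reason) for reads that contradict the entry log."""
    inside = set()   # badges with a recorded entry and no exit yet
    findings = []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, badge, reader, direction in ordered:
        if direction == "in":
            if badge in inside:
                # Holder left without badging out, or the badge was passed back.
                findings.append((ts, badge, "entry while already inside"))
            inside.add(badge)
        elif badge not in inside:
            # Badge is in use inside the perimeter but was never read at entry:
            # the holder followed someone in or was let in.
            findings.append(
                (ts, badge, f"{direction} read at {reader} with no recorded entry")
            )
            if direction == "interior":
                inside.add(badge)  # avoid re-alerting on every later interior read
        elif direction == "out":
            inside.discard(badge)
    return findings


if __name__ == "__main__":
    for finding in find_entry_log_gaps(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

A finding is a lead for review against camera footage or reception records, not proof of intrusion, since employees routinely hold doors for each other.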