Several years ago I was working in a very large convention that had to do with IT and Technology. And The format of these conventions is very similar. A large convention floor, break out rooms and large halls with keynote speakers. Also, some conventions will have some type of lab or demonstration environment.
This particular one had a pretty good size lab with a raised floor, and all the vendors would put their products in this demonstration room and show off their stuff. In this particular convention, every vendor seemed to be having problems and it was discovered that we had some kind of problem. And it looked like a hacker but no one could figure out what had happened.
Every hacker knows that the physical access to computer equipment is the holy grail of hacking. If you can get your hands on the equipment you will soon own it. And the real owners will be fighting just to get back into it.
This is why computer rooms should and do have elaborate locking and monitoring systems. But this was a convention with minimal data center security. So people kept looking for the problem but finally, someone yelled: “he’s in the floor!” A small man had actually crawled into the space under the raised floor and was scurrying around in there like some kind of mouse doing all kinds of mischief. It would be funny if it wasn’t so real.
How Are You Protected?
This lesson brings to mind something I see all of the time. Poor physical security protecting a companies crown jewels its computer hardware. Many times I go into a client building and find computers or servers or routers in unlocked closets, closets that is locked but the maid or janitor use it to store their supplies and have a key.
This seems like a simple but mundane problem. But it is nonetheless a serious problem. And problems like this arise because of a few reasons. Particularly no unified cybersecurity policy structure, no regular cybersecurity audits, and no cybersecurity testing. These functions will reveal these problems before someone gets into your floor.