Online data breaches may dominate the headlines, but for many facilities, it's the old-fashioned physical break-in that's still the biggest concern.
A study by Sandia National Laboratories, which cares about this sort of thing given its work with nuclear weapons, examined 23 of the world's most infamous thefts and came away with a surprising conclusion.
It found that at the core of some of the most outrageously brazen break-ins at buildings with advanced security technologies such as seismic sensors, energy detectors and supposedly unbreakable glass, failures in basic security were what led to huge losses.
While many of the examples cited in the report were from a decade or so ago, the lessons in on-site security are still timely. Even hackers, such as the Chinese group responsible for the data breach at U.S. hospital chain Community Health Systems, have infiltrated companies in person.
In one attack on a health company, the Chinese hackers used either a trusted insider or an outsider to break into a facility and manually insert malware on a computer via a thumb drive.
Here are the common failures in on-site security, according to Sandia's report:
In almost half of the incidents, the thieves were able to overcome keyed locks by picking them or prying them off. The most common method was to threaten someone who had the key.
In the theft of hundreds of millions of dollars of diamonds, gold, cash and other valuables from the highly secure basement vault of the Antwerp Diamond Center in 2003, a criminal posed as a tenant of the Diamond Center for two years to perform reconnaissance and defeated a series of keyed locks by using custom-made lock-picking tools and a crowbar.
In the same percentage of cases, the criminals were able to defeat unarmed guards, often using nonviolent deception. In the 2004 theft of more than $70 million in gold bullion from a Swissport warehouse at London's Heathrow Airport, criminals driving a delivery van passed through a security gate with paperwork forged with the help of an insider who was working as a delivery driver. Previous surveillance of the driver helped catch the criminals.
Thirty percent of the incidents involved defeating security-camera systems, which occurred by putting stuff in front of them to create blind spots, deactivating the cameras with the help of insiders or taking control of the camera-monitoring stations.
In the 1983 armed heist of a Brink's-MAT warehouse also at Heathrow Airport, employees were doused with gasoline and threatened with a lit match to open the vault. An insider was responsible for monitoring the security-camera images at the time of the robbery.
Whether it's online or on-site security, the lesson here is that even in a high-tech world, companies can't afford to overlook the lower-tech vulnerabilities.