A dumpster diving attack is a type of cyber attack made possible by searching through the victim’s trash. While you might be imagining a messy and filthy scenario where a person dives into a dumpster, the reality is less unsanitary. In a dumpster diving attack, threat actors could be in and out of the dumpster in a matter of minutes. But they may already have their hands on a box full of confidential documents, storage devices, and workstations.
You would be surprised at the amount of information about you, your life, or your company in your trash. Think about the last time you threw your credit card statement. Did you shred it? How about the medical laboratory result from your previous visit to the doctor?
Among the data that dumpster drivers can get from searching through your trash are:
Any of the above information can be used to gain access to your home or work network. Notepads that contain passwords and access codes are the most valuable. However, most of us have learned to discard these items without a thought for security.
The success of dumpster diving attacks can be traced back to lack of security knowledge. If people knew how an attacker could use the data on a piece of paper, they wouldn’t throw it without shredding.
Therefore, the most effective way to protect yourself and your organization from dumpster diving attacks is education. Learn to distinguish between confidential and public records.
For organizations, including disposal management in your overall security policy could provide clear guidelines on how sensitive data from your trash can stay protected. For example, the policy may dictate that all papers should be shredded before disposal. Storage devices, on the other hand, have to be cleaned of all data.
