Tailgating attacks exploit human behavior to gain physical access to secure facilities, bypassing expensive technological security investments and creating insider-style access. They allow unauthorized individuals to gain access to restricted areas by following authorized personnel past secure entry points.
These attacks exploit human psychology and social dynamics rather than technical vulnerabilities, making traditional cybersecurity defenses ineffective against this physical security threat.
How Tailgating Works
An attacker positions themselves near a secure entry point and waits for an authorized employee to use their credentials to open the door. The attacker then follows the authorized person through the open door before it closes, without using their own credentials. Common tactics include carrying large boxes (prompting authorized employees to hold the door), wearing uniforms or carrying equipment that suggest a legitimate reason to be in the facility, or simply walking confidently behind someone as if they belong.
Key Distinctions
The glossary makes an important distinction between tailgating and piggybacking:
Tailgating: The unauthorized individual gains access without the knowledge or consent of the authorized personnel. The authorized person remains unaware that someone followed them through the secure entry point.
Piggybacking: The authorized employee is aware that an unauthorized person is following them but allows it anyway, often due to politeness, social pressure, or being deceived about the person's identity.
Impact
Tailgating attacks create significant risk because they bypass physical access controls entirely. Once inside a secure facility, attackers can install hardware implants, steal physical assets, access unattended workstations, photograph sensitive information, or disable security equipment.
Prevention
Defense against tailgating includes access control vestibules (mantraps) that require individual authentication for each person entering secure areas, eliminating unauthorized following. Video surveillance integrated with access control systems provides visual verification and audit trails. Security awareness training helps employees recognize and respond appropriately to tailgating attempts, including politely challenging unknown individuals and reporting suspicious behavior.
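One way to turn the access control audit trail described above into a detection, as an added example that is not part of the original page: it pairs each badge grant with one passage through the door and flags any passage left without a grant. The event schema, door names, badge IDs, the 10-second window, and the people-counter feed (for example, from video analytics) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed schema, not from a real system):
# (ISO timestamp, door id, event type, badge id or None).
# "badge_granted" comes from the access control system; "person_passed"
# comes from a hypothetical people counter on the same door.
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", "lobby-1", "badge_granted", "B100"),
    ("2024-05-01T08:00:02", "lobby-1", "person_passed", None),
    ("2024-05-01T08:05:00", "lobby-1", "badge_granted", "B200"),
    ("2024-05-01T08:05:02", "lobby-1", "person_passed", None),
    ("2024-05-01T08:05:04", "lobby-1", "person_passed", None),  # second person, one badge
    ("2024-05-01T08:30:00", "dc-2", "person_passed", None),     # passage with no badge
    ("2024-05-01T09:00:00", "dc-2", "badge_granted", "B300"),
    ("2024-05-01T09:00:01", "dc-2", "badge_granted", "B301"),   # two badges, two people
    ("2024-05-01T09:00:03", "dc-2", "person_passed", None),
    ("2024-05-01T09:00:05", "dc-2", "person_passed", None),
]

def find_unbadged_passages(events, window_seconds=10):
    """Return (timestamp, door, followed_badge) for each passage lacking a grant.

    followed_badge is the most recent badge used on that door within the
    window (the person who was followed), or None if nobody badged recently.
    """
    window = timedelta(seconds=window_seconds)
    pending = defaultdict(list)   # door -> unused grants as (time, badge)
    last_grant = {}               # door -> (time, badge) of latest grant
    alerts = []
    for ts, door, kind, badge in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        # A grant only covers a passage shortly after the swipe.
        pending[door] = [(gt, b) for gt, b in pending[door] if t - gt <= window]
        if kind == "badge_granted":
            pending[door].append((t, badge))
            last_grant[door] = (t, badge)
        elif kind == "person_passed":
            if pending[door]:
                pending[door].pop(0)  # one grant admits exactly one person
            else:
                prev = last_grant.get(door)
                followed = prev[1] if prev and t - prev[0] <= window else None
                alerts.append((ts, door, followed))
    return alerts

if __name__ == "__main__":
    for alert in find_unbadged_passages(SAMPLE_EVENTS):
        print(alert)
```

The logs alone cannot tell tailgating from piggybacking, so the followed badge is a starting point for video review and an awareness conversation rather than evidence about the badge holder.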