T 5.3 Unauthorised entry into a building

A number of threats to IT systems, e.g. theft or tampering, are preceded by unauthorised entry into a building. Hence countermeasures directed at preventing break-ins are also effective against threats which depend on a prior successful break-in. In the case of professional criminals, the amount of time that the perpetrator has to pursue his objectives undisturbed is critical. The objective of a break-in could be the theft of IT components or other items that are easy to dispose of, but equally the intruder might be seeking to copy or tamper with data or IT systems. Tampering that it is not obvious can be far more harmful than direct acts of destruction.

Damage to property can occur simply as the direct consequence of unauthorised entry, as windows and doors are opened by force and damaged, so that they have to be repaired or replaced.

Examples

• During a nocturnal break-in into an office building, the burglars could not find anything valuable to steal. Out of frustration they emptied the dry powder fire extinguishers in the office areas. The losses resulting from the break-in were trivial, but the damage due to vandalism was disproportionately high due to the costs of cleaning and the disruption to work.

• During a break-in into a company over a weekend trivial damage was caused by forcing open the window and only a coffee cash box and some small items of equipment were stolen. However, it was later established during a routine check that a central server had been cleverly manipulated at precisely the time of the break-in.