Connley Walker Independent Security Consulting Group Logo

High Vis Stunt Exposes Security Weaknesses at Adelaide Oval

Last month a pair of fake tradies successfully fooled Adelaide Oval security – walking straight through the gates and taking a tour of the Oval before the Adelaide Crows and Port Adelaide “Showdown”.

This prank was an escalation of previous videos posted to their TikTok channel, previously using the tradie outfit of boots, hi-vis shirts and trousers and hats to scam their way to freebies at local retail stores and cinemas

These incidents are real life examples of successful social engineering – successfully bypassing security by exploiting human psychology and manipulation rather than relying solely on technical vulnerabilities.

Social engineering involves manipulating individuals to gain unauthorised access to physical locations, sensitive information, or valuable assets. This can include tactics like impersonation, tailgating (following authorised personnel through secure entrances), pretexting (creating false scenarios to manipulate trust), and exploiting human tendencies to trust and help others. Some key reasons for a successful social engineering attempt are:

  • Lack of Awareness: Many individuals are unaware of the various social engineering tactics and fail to recognise potential threats.
  • Trust: Attackers manipulate trust by posing as legitimate figures, such as colleagues, clients, contractors, or authority figures.
  • Urgency: Creating a sense of urgency pressures individuals to act quickly without thorough consideration.
  • Fear and Intimidation: Threats or intimidation tactics can coerce individuals into divulging sensitive information or granting access.
  • Helpfulness: Exploiting a person’s natural inclination to be helpful, attackers can elicit assistance that compromises security.
  • Lack of Verification: Failing to verify the identity of individuals before granting access or sharing information is a common security lapse.
  • Blind Trust in Technology: Relying solely on technology can lead to disregarding the human factor, making people susceptible to manipulation.

Inadequate security controls that contribute to successful social engineering attempts include:

  • Insufficient Training: Lack of security awareness training leaves employees unaware of social engineering tactics and how to respond.
  • Weak Access Control: Inadequate control over physical access points allows unauthorised individuals to gain entry.
  • Lack of Verification: Not verifying the identity of callers or visitors can lead to unauthorised access.
  • Ineffective Policies: Poorly defined security policies and procedures can lead to inconsistent responses to unusual requests.
  • Minimal Incident Reporting: If there’s no clear reporting mechanism, employees might hesitate to report suspicious activities.
  • Cultural Factors: A culture that doesn’t prioritise security or promotes blind trust can make employees more susceptible.
  • Inadequate Response Plans: Without clear plans to handle social engineering incidents, employees might not know how to react.

Any organisation that has had a recent social engineering incident should consider the following steps:

  1. Security Assessment: Conduct a comprehensive evaluation of existing security measures to identify potential vulnerabilities. This includes reviewing access control systems, surveillance technology, and personnel training.
  2. Training and Awareness: Enhance training programs for security personnel to ensure they are well-equipped to detect and respond to unauthorised access attempts.
  3. Access Control: Review and strengthen access control procedures. Implementing multi-factor authentication, biometric identification, or RFID technology can improve the accuracy of identifying individuals and restrict access to authorised personnel only.
  4. Surveillance Technology: Invest in modern surveillance technology, such as advanced cameras, facial recognition, and analytics software.
  5. Response Protocols: Develop clear protocols for responding to security breaches. This includes coordination with law enforcement, evacuation procedures, and communication strategies.
  6. Regular Drills: Conduct regular security drills to test the readiness of security personnel and other staff members in emergency situations.
  7. Collaboration and Communication: Foster communication and collaboration among security personnel, management, and other relevant stakeholders.
  8. Continuous Improvement: Establish a culture of continuous improvement in security measures. Regularly assess and update security protocols.
  9. Third-Party Audits: Consider engaging third-party security experts to conduct periodic audits.
  10. Public Awareness: Communicate security measures and policies to the public, visitors, and employees. This transparency can deter potential breaches and encourage vigilance.

In essence, the incident at Adelaide Oval serves as a reminder that security is a shared responsibility and requires a holistic approach. By implementing these practices and maintaining a proactive attitude towards security, facilities can better protect their assets, personnel, and visitors from potential security breaches. 

Contact Us

FIll out the form below and we will contact you as soon as possible

Connley Walker is an independent group of licensed security consulting professionals with engineers specialising in physical and cyber security and risk management.

Copyright ©2023 Connley Walker Holdings Pty Ltd. All Rights Reserved.

LICENCES AND REGISTRATIONS

ACT – Security Master Licence No. 17502533.

NSW – Security Master Licence No. 409109204.

NT – No licence required.

QLD – Security Firm Licence No. 3255594.

QLD – Registered Professional Engineers No. 21615.

SA – Exempt from a licence as Engineers (Security and Investigation Industry Regulations Part 2, 5 (1) (b)).

VIC – Registered Building Practitioners No. EE21166.

VIC – Private Security Business Registration No. 720-062-90S.

TAS – Building Service Provider Licence No. 363589169.

WA – Security Agent Licence No. SA56167.

CREDENTIALS AND AFFILIATIONS

ISO 9001:2015 Quality Assured.

SCEC Endorsed Security Zone Consultants (Registration Number 0075).

Pre-qualified consultants to the Victorian Government.

Pre-qualified consultants to the NSW Government.

Pre-qualified consultants to the NT Government.

Pre-qualified consultants to the Tasmanian Government.

Represent Engineers Australia on Australian Standards for Security.

Members of Australian Security Industry Association Limited (ASIAL).

Members of Australian Institute of Project Management (AIPM).

Members of Engineers Australia.

Federal Government Endorsed Suppliers.

Interested in Free Security Awareness Training?

Ensuring the safety of your business and personal space is essential. Before you go, why not join our FREE Security Awareness Training Platform?

Our training program offers:

  • Fundamental Security Practices: Learn the basics of protecting your premises.
  • Threat Identification: Recognise potential risks before they become incidents.
  • Access Control Strategies: Understand how to manage and monitor entry points effectively.
  • Emergency Preparedness: Be ready for any situation with our expert guidelines.
  • Real-Life Case Studies: Gain insights from real-world security scenarios.