Cybercriminals are no longer relying solely on networks. Physical attacks targeting workplaces are rapidly increasing. This trend was highlighted by Mickaël Wajnglas, our Secretary General, and Jérémy Nedjar, founder of L-ExploIT and SPAC Alliance member, in an article by Pascal Coillet-Matillon published in Le Figaro and the Journal du Net. Gaining access to a building and exploiting everyday connected devices is now enough to compromise an entire information system.
Hybrid attacks are here to stay
The boundary between cybersecurity and physical security has never been thinner. Modern workplaces (offices, open spaces, technical rooms, shared areas) have become strategic entry points for attackers who leverage social engineering, employee habits, and hardware weaknesses to reach the core of an organisation’s systems.
The article highlights a concerning reality: these hybrid attacks account for 9% of data breaches according to the IBM Cost of a Data Breach 2020-2025 report.
Their rise is fuelled by the proliferation of poorly secured connected devices and internal procedures that fail to enforce proper access control.
“Attackers tailor their methods to the organisation’s maturity level, combining social engineering, behavioural analysis and misuse of connected tools.”
Jérémy Nedjar, Founder of L-ExploIT
In some cases, a simple coffee cup placed next to a badge reader can capture credentials using concealed electronic tools, enabling badge cloning and unauthorised access to restricted areas.
A strategic challenge for every organisation
This shift confirms a position SPAC Alliance has held for years: information system security is impossible without full control over physical access, communication protocols and hardware components deployed inside buildings.Mickaël Wajnglas, Secretary General, SPAC Alliance
This reality aligns with the growing demands of European regulations (NIS2, CER, CRA), which require organisations and suppliers to demonstrate stronger accountability and full traceability of the components used in their security solutions.
Read the news (in french):
