After years in senior cybersecurity and physical security leadership roles, including serving as both a CISO and a facility security officer, I’ve consistently encountered one blind spot across all environments: the space where physical presence becomes a vector for digital compromise. Proximity-based threats are no longer theoretical; they are increasingly becoming one of the weakest links in enterprise defense.
Falling between the cracks
In the cybersecurity community, we pride ourselves on staying ahead of threats by anticipating attacker behavior, identifying novel exploits and investing billions in digital defenses. Yet, despite massive investments in digital infrastructure, the gap between physical presence and digital compromise remains an unguarded territory. In most organizations, this layer of exposure has no clear internal owner (not IT, not security, and not facilities), and the attack surface continues to grow due to hybrid campuses, high wireless density and shadow infrastructure.
Proximity-based attacks are initiated simply by being physically near or inside an enterprise environment. They are among the most accessible, effective and least monitored vectors of compromise. So much so that in June 2025, the FBI released a strategy brief classifying Ubiquitous Technical Surveillance (UTS) as a Tier-1 risk. As the report notes, “adversaries exploit legitimate access to campuses or facilities…commercially available technologies have made it easier than ever.”
The FBI’s internal struggle
The FBI’s own audit of the UTS threat highlights both electronic and visual attack vectors targeting campuses and facilities. The report stresses that the equipment needed for such attacks is inexpensive, commercially available, and accessible to anyone, not just nation-state actors. With a few hundred dollars and an internet connection, attackers can obtain equipment such as covert cameras, rogue access points, RF scanners and signal jammers.
One case described in the report illustrates the real-world stakes. A hacker hired by the El Chapo cartel leveraged public surveillance cameras and cell signal metadata to track an FBI official from the U.S. Embassy in Mexico City, along with their contacts, leading to intimidation and, in some cases, the deaths of potential witnesses.
The report concluded with recommendations to improve detection, coordination, and mitigation across agencies, underscoring the urgent need for visibility into proximity-based risks.
Everyday devices, extraordinary risks
What makes the threat hard to contain is the malicious use of legitimate devices. Phones left in a room can record conversations, earbuds can eavesdrop, and smartwatches and wearables can harvest RF, Wi-Fi or Bluetooth signals. These are not accidents or misuse; they are intentional abuses of technology that are rarely detected or mitigated.
And yet, most organizations still don’t monitor this attack surface. Ask any CISO how many proximity-based events their organization has logged and the answer is likely zero. But this absence of data doesn’t reflect a lack of threat, only a lack of visibility.
Worse still, some decision-makers suggest it might be safer not to know. That mindset is dangerous because avoiding visibility only guarantees escalation. Proximity-based threats don’t need a zero-day; they just need access and intent.
Beyond the network
The consequences of ignoring proximity risks are not limited to system compromise. A single proximity-based incident can lead to reputational damage, regulatory penalties, and legal action. If an employee is unknowingly recorded in a sensitive meeting or if customer data is collected through proximity surveillance, the fallout can be devastating. Regulations like GDPR, HIPAA, and CCPA increasingly address physical privacy, while public expectations have also shifted.
There is now a clear expectation, not only from employees, but also from visitors, partners, vendors and guests, that their privacy, both digital and physical, will be respected on-site. Failing to do so not only exposes businesses to regulatory action but can also lead to public backlash and loss of trust, something no cyber insurance policy can repair.
Defense against proximity-based attacks is no longer a nice-to-have; it’s critical. The question we need to be asking in the security industry is not whether these incidents will occur, but whether you’ll detect them before they escalate.
Closing the gap
Organizations cannot continue treating physical and digital threats as separate domains. The idea of a hardened digital perimeter, while still important, is incomplete. Threats begin with presence and, from there, migrate across the RF spectrum, IoT protocols, and shadow infrastructure into digital systems.
To counter these threats, a new category of visibility and response called Proximity Attack Surface Management (PASM) has been developed. Much like Cloud Security Posture Management (CSPM) emerged to handle the unique complexities of cloud, PASM focuses on the detection, analysis, and mitigation of threats that originate in physical space yet pose digital risks.
This includes identifying rogue wireless activity, detecting unauthorized surveillance equipment, monitoring unmanaged or shadow IoT devices, and mapping the behavior of people and assets in hybrid spaces. It also provides the forensic and regulatory support needed to demonstrate due diligence.
A new layer, a new imperative
The invisible perimeter is the new weakest link in enterprise security. Every organization, from Fortune 500 companies to hospitals, schools, and government agencies, operates within hybrid spaces where physical presence can become a vector for digital exploitation.
The FBI’s decision to label UTS a Tier-1 risk should serve as a wake-up call to enterprise security leaders. CISOs, CSOs, and risk managers must now recognize that their security models are incomplete without visibility into the physical-digital interface. The tools exist. The threat is validated. The urgency is rising, and it’s time to secure the space we’ve left unguarded for too long.