Today’s security professionals need comprehensive strategies that take both physical security and cybersecurity into account.
Physical and Cybersecurity Convergence, breach, cyber threats
In an era of increasingly sophisticated security threats, CIOs, CISOs, and COOs alike need to be more committed than ever to protect their data, facilities, and teams. From unauthorized personnel attempting to gain entry to your facilities to cybercriminals looking to breach your network, private security and public safety stakeholders need to be everywhere at once — or at least have the software that can help counter each specific threat.
This is only getting harder as digital infrastructure becomes more advanced and bleeds into the physical security world. For example, with organizations relying on the Internet of Things (IoT) for a greater share of their physical security — the number of IoT-connected devices is projected to reach 75.4 billion by 2025 — physical and IT security leaders need to defend a larger attack surface than ever before.
This reality creates unique opportunities as well as heightened risks for CSOs and CIOs. While digital technology has led to advanced physical security systems, the network-connected hardware behind them must now be managed with an understanding of the relationship between physical security and cybersecurity. For example, a data breach in a smart building could allow bad actors to remotely disable security or monitor video surveillance feeds over the network. On the flip side, a physical breach of the same smart building could allow bad actors to capture digital assets for cybercriminal activity. In both cases, vulnerabilities in one space bleed into vulnerabilities in the other. Cybersecurity directly impacts physical security and vice versa.
Our increasingly digital world also means that organizations are facing a new generation of cyber-physical threats. In fact, Verizon’s 2018 Data Breach investigations Report found that 11 percent of data breaches involved physical actions. For private security and public safety professionals, the convergence of physical security and cybersecurity urgently requires a new approach and investment in technology that can deliver success.
Cyber Threats are Physical Threats
As organizations invest in digital technology to support their physical security, it’s imperative that they understand how cyber threats pose a risk to both IT infrastructure and physical assets. Connected devices such as cameras, sensors, and digital door locks present cybercriminals with new points of entry into otherwise protected networks. If any one of these assets is compromised, organizations could face a cybersecurity breach that wreaks havoc on all devices connected to their network.
Because the convergence of IT infrastructure and physical security is relatively new, cybercriminals are hoping to catch organizations off-guard. In 2014, for example, hackers breached the network of a German steel mill to access the facility’s control system. The phishing attack causing significant problems for the plant, including damage to a dangerous blast furnace that couldn’t be shut down normally.
How Digital Technology is Improving Physical Security
Despite some of the associated cybersecurity risks, CSOs and CIOs should look for opportunities to leverage new technologies for advanced physical security measures. For instance, biometrics has become an important part of organizational security. Research from Spiceworks shows that roughly 62 percent of organizations currently use biometric authentication technology, with fingerprint and face scanners being the most commonly used technologies on corporate devices and services.
Biometric authentication offers an improvement over traditional authentication methods like passwords, PIN numbers, and personal security questions. Other biometric authentication methods include hand geometry recognition, iris scanning technology, and voice recognition. With the rise of these new methods as well as the increased adoption of fingerprint and face scanners, Spiceworks predicts that nearly 90 percent of businesses will be using biometric technology by 2020.
Additionally, data-driven software is essential for managing overall security in today’s threat environment. Security decision-makers at all levels of an organization should be using digital solutions to access real-time information in order to respond to developing threats. By delivering updated information to stakeholders as events occur, software solutions make it possible to answer physical threats in a concerted, organized way.
The Convergence of Cybersecurity and Physical Security
As cybersecurity and physical security converge, CSOs and CIOs need to consider what steps should be taken to develop a more comprehensive modern security strategy. To do so, leaders must think of cyber-physical security in a unified way. The first step should be to invest in advanced technology that can make networks and facilities safer while simultaneously addressing the vulnerabilities of connected physical assets.
This means that organizations will have to make the necessary changes to bring cybersecurity and physical security planning together. Moving forward, leaders must facilitate collaboration between facilities staff and IT professionals in order to successfully counter cyber-physical threats.
Ultimately, private security and public safety decision-makers must work with stakeholders across cybersecurity and physical security teams to determine the best path forward. While this will look different from one organization to the next, it’s essential that security professionals work together to secure the physical and digital assets that comprise all modern institutions — from private security teams to public corporations.
Physical and Cybersecurity Convergence,breach, cyber threats
- ISO 27001 Lead Implementer
- ISO 27001 Foundation
- CRISC – Certified in Risk and Information Systems Control
- CISSP – Certified Information Systems Security Professional
- CCISO – Certified Chief Information Security Officer
- CyberSecurity Professional
- CyberSecurity Lead Implementer
- Cybersecurity Lead Auditor
- ISO 27001 Lead Auditor
Dames, John (2019) Preparing For Physical and Cybersecurity Convergence. Recovered on 4 October 2019 from https://www.securitymagazine.com/articles/90960-preparing-for-physical-and-cybersecurity-convergence