The Convergence of Physical Security and Cybersecurity
August 1, 2019
Developing a comprehensive security strategy in today’s threat environment calls for solutions that take both physical security and cybersecurity into account.
In an era of increasingly sophisticated security threats, organizations must be more committed than ever to protect their data, facilities, and teams. From unauthorized personnel attempting to gain entry to your facilities to cybercriminals looking for ways to breach your network, security professionals need to be everywhere at once — or at least have the software that enables them to counter each specific threat.
This has become more challenging as digital infrastructure becomes more advanced and increasingly overlaps with the physical security world. For example, with organizations relying on the Internet of Things (IoT) for a greater share of their physical security — the number of IoT-connected devices is projected to reach 75.4 billion by 2025 — physical and IT security professionals must contend with a larger attack surface than ever before.
This reality creates unique opportunities as well as pronounced risks. While digital technology is contributing to advanced physical security strategies, the network-connected hardware used to make that happen can be vulnerable to cybercriminals if it’s not managed and protected properly. For example, consider a smart building that operates through a virtualized system, allowing you to disable security remotely or monitor video surveillance feeds over the network. One data breach could easily threaten the physical infrastructure and safety of the building. While our increasingly digital world empowers better security technologies, it also means that digital threats can easily turn into physical ones.
In fact, Verizon’s 2018 Data Breach Investigations Report found that 11 percent of data breaches involved physical actions. For decision-makers looking to keep their organizations secure, the convergence of physical security and cybersecurity requires a new approach and renewed investment in the platforms capable of delivering success.
Cyberthreats are Physical Threats
As organizations invest in digital technology to support their physical security, cyber threats increasingly pose a threat to both IT infrastructure and physical assets. Connected devices such as cameras, sensors, and digitized door locks offer bad actors new points of entry into organizational networks. If any one of these assets becomes compromised, it’s possible for cybercriminals to breach cybersecurity defenses and wreak havoc on devices connected to the network.
Cyber attacks that target physical infrastructure are already underway. In 2014, for example, hackers breached the network of a German steel mill and used the breach to access the facility’s control system. The phishing attack caused significant problems for the plant, including damage to a dangerous blast furnace that couldn’t be shut down normally.
How Digital Technology is Improving Physical Security
While the use of digital technology creates risks, it’s also contributing to advanced physical security measures. For instance, biometrics has become an important part of organizational security, both in authentication and identification. Research from Spiceworks shows that roughly 62 percent of organizations currently use biometric authentication technology, with fingerprint and face scanners being the most commonly used technologies on corporate devices and services.
Biometric authentication seems to be the way forward, with most IT professionals seeing biometric authentication as an improvement over traditional authentication methods like passwords, PIN numbers, and personal security questions. Other biometric methods include hand geometry recognition, iris scanning technology, and voice recognition. With the rise of these new methods and the increased adoption of fingerprint and face scanners, Spiceworks predicts that nearly 90 percent of businesses will be using biometric technology by 2020.
Additionally, data-driven software is essential for managing overall security in today’s threat environment. Security decision-makers at all levels of an organization can use these solutions to access real-time information — data gathered from digital security assets connected to IT infrastructure — in order to respond to threats as they develop. By delivering updated information to stakeholders simultaneously, software solutions make it possible to answer physical threats in a concerted, organized way.
The Convergence of Cybersecurity and Physical Security
As cybersecurity and physical security converge, organizations should consider the next steps to develop a more comprehensive security strategy. By thinking of cyber-physical security in a unified way, teams can invest in advanced digital technology that makes their network and facilities safer while simultaneously accounting for the vulnerabilities of increasingly connected physical assets.
This means that organizations will need to consider necessary changes to bring cybersecurity and physical security planning together. Moving forward, it’s going to be essential that facilities staff and IT professionals collaborate if organizations are going to successfully counter physical cybersecurity threats.
Ultimately, key decision-makers will need to work with stakeholders across cybersecurity and physical security teams to determine the best path forward. While the exact makeup of these arrangements will differ from one organization to the next, security professionals will need to work together to prevent cybercriminals from breaching their networks and inflicting damage on their physical infrastructure.