By Zachary Amos, Features Editor at ReHack
Modern companies are operating in a high-risk business environment. The world is becoming increasingly digital, meaning cybersecurity attacks are becoming more frequent. Additionally, physical security systems managed by IT professionals are undergoing a digital transformation.
Essentially, as cyber and physical assets grow, the attack surface hackers will exploit expands and becomes a potential breeding ground for hybrid attacks. Successful cyber or physical attacks can disrupt company operations and make it challenging for a company to provide essential goods or services to customers.
Below, we’ll explore what cyber and physical security convergence means, why this approach is so essential, and some best practices to follow when implementing this integrated approach.
With the increased adoption of 5G, the internet of things (IoT), artificial intelligence (AI), and machine learning (ML) technologies, it’s not surprising that many companies find themselves concerned with cyber and physical security.
These pieces of tech can be costly and no company wants its valuable physical assets stolen or damaged. Because these technologies connect to a corporate network, cyberattacks are another concern for businesses.
Cyber and physical security convergence is a concept that describes disjointed cyber and physical security functions joining together to achieve cooperation and results-oriented efforts. The convergence of the two individual security systems is a hot topic, and for a good reason.
Companies in various industries have traditionally treated cyber and physical security separately as two individual systems. However, the two types of security are intrinsically linked. Malicious actors can execute hybrid attacks that risk your cyber and physical systems.
For example, a firewall installed on employee computers cannot prevent someone from kicking down an office door. On the other hand, locking the office doors will not stop hackers from breaching a firewall. Hopefully, this analogy clarifies the meaning of physical and cybersecurity convergence.
Consider the massive breach that impacted Target, the major retailer, a few years ago. In this case, hackers gained access to 55,000 internet-connected HVAC systems and stole personal data from almost 40 million customer records. The HVAC systems had a network access vulnerability, allowing attackers to steal this volume of data.
Experts suggest that by 2025, cybercrimes will reach $10.5 trillion annually, including costs associated with phishing scams, malware, ransomware, and distributed denial of service (DDoS) attacks. Research from Gartner predicts that by 2023, cyber-physical system (CPS) attacks resulting in fatal casualties will hit over $50 billion, an astonishing figure.
Physical, cyber, and hybrid attacks are expected to increase, meaning bringing cyber and physical security together is essential for companies. Here are some tips for companies integrating cyber and physical security in their organization.
Video surveillance systems and access control systems are widely used across several industries. Combining the two systems is a perfect example of cyber and physical security convergence. For example, an organization using this integrated approach can have its physical access control system tag live video feeds with any physical access attempts.
If a security incident occurs, investigators can review access attempts from individuals on these live feeds and determine if they have proper access. Both physical and access control systems converge to meet the organization’s needs and its employees’ needs and improve the cyber and physical security posture for the future.
Following the best cybersecurity practices is essential for organizations of all types and sizes. Even small to mid-sized organizations should put these concepts into practice. Some examples of basic cybersecurity practices include:
- Updating organizational security policies regularly.
- Installing antivirus or malware software solutions.
- Requiring two-factor authentication (2FA) for employees and executives.
- Prioritizing cybersecurity training for all members of the organization.
- Keep hardware and software updated to the latest version to patch vulnerabilities.
There are plenty of online resources and services available to organizations looking to take their cybersecurity posture to the next level.
The fast-paced business environment is becoming increasingly data-driven. From IoT sensors to AI-powered solutions, large volumes of data can provide valuable insights to executives strengthening their company’s cyber and physical security measures. For example, AI can help organizations take a proactive approach rather than a reactive approach.
Many AI solutions on the market can detect patterns within a network and pinpoint any suspicious activity. On the physical side, AI can provide real-time intelligence and deliver reports immediately to law enforcement or first responders. Consider researching what other types of technology can support the convergence of cyber and physical security.
More companies recognize the importance of cyber and physical security convergence. The Cybersecurity Infrastructure and Security Agency (CISA) developed a comprehensive guide that organizations can review for more information about convergence, titled the Cybersecurity and Physical Security Convergence Guide.
The CISA guide outlines the benefits of a holistic security management strategy, a description of convergence in an organizational security function context, a flexible framework for aligning cyber and physical security, and case studies that provide more information about this type of convergence. Companies can also contact CISA directly for additional information or guidance on managing cyber and physical security convergence.
Cyber and physical assets represent risks and challenges to organizations. However, adopting an integrated security approach can help IT teams and other departments mitigate these risks and overcome potential security challenges.
It’s critical to consider the benefits cyber and physical security convergence can offer an organization. Benefits include improved incident response, risk reduction, cost savings, better protection, and collaboration between critical departments to enhance employee skill sets.
Now is the time to consider the importance of combining cyber and physical security efforts to maintain a strong posture in an ever-changing business environment.
As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.