In 2015, a Ukrainian power plant worker was finishing his shift. Suddenly his cursor started moving across the screen on its own. He watched in shock as the cursor clicked on the controls that took the station offline, and thousands of residents were suddenly in the dark and without heat. The operator was unable to regain control, because his password had already been changed. He could only watch helplessly as his own terminal shut down another 30 substations. Meanwhile, two other power stations were being attacked, and a total of 230,000 people were left without power.
It’s a classic example of physical damage through a cyberattack.
Cyberattacks are making big headlines, and as a result businesses are doubling down on cybersecurity. Global cybersecurity spending is expected to reach $96 billion in 2018. But in contrast, organizations are paying less attention to physical security. The irony is, there is no cybersecurity without physical security—and vice versa.
When organizations treat cybersecurity and physical security like they’re separate things, it’s like barring all your windows but leaving your front door wide open. Physical and cybersecurity are two sides of the same coin. To truly make your company secure, you need a cyber-physical approach that addresses both forms of threats.
Not investing in both forms of security? Here’s why you’re leaving your business vulnerable to attack.
Competition of Resources
When you treat IT security and physical security separately, you also separate the resources for both efforts. That means you have two separate teams that don’t communicate but need overlapping resources. Either they’re competing for those resources and the same funding, or your company is investing in the same resources twice.
For example, both your IT and physical security teams implement software and hardware solutions. More and more, high-tech solutions such as Internet of Things (IoT) are used to reduce physical risk. Those cross-platform solutions take advantage of both physical and IT technologies.
Yet, while IoT technologies help boost physical security, they also introduce new IT vulnerabilities. Which security team is assigned responsibility for your IoT devices, then?
The clear solution is to coordinate your IT and physical security teams into one common effort that addresses both physical and cybersecurity. As a result, you can develop a holistic picture that equips top management to strategically and cost-effectively manage risk.
Dual Physical and Cyberattacks
The cliche of a hacker in a hoodie attacking your system from a remote laptop is outdated. Today’s criminals can use cyber and physical attacks simultaneously. For example, all it takes to steal data is to enter a facility and plug in a USB device that fools the system into thinking it’s a keyboard. Or an employee could walk out of the building with sensitive data on a thumb drive.
In 2017, a USB drive from Heathrow Airport was found on a London street. The device contained confidential information about accessing restricted areas at the airport and included security measures used to protect the queen. The data was not encrypted. In this case, physical security methods failed to protect critical cyber information.
Expect to see more headlines in the news involving physical methods that are used to carry out cyberattacks. As businesses continue to invest in cybersecurity while ignoring physical security, more and more criminals will enter through the front door instead of sneaking through the back window.
If your organization isn’t addressing both types of security, you’re more vulnerable than you realize.
Physical Security Boosts Cybersecurity
Facebook gets it. The multi-billion-dollar company takes an integrated approach and uses physical security to support cybersecurity. Even the layout of its offices is designed to protect its servers.
If you’re properly approaching security, you’ll employ physical security to protect information in ways that cybersecurity can’t do. And you’ll use cybersecurity methods to protect your physical premises as well. Physical security boosts cybersecurity, and vice versa.
For example, it’s easy to get past security measures like badges and security entrances. But complementing them with technologies like biometrics and facial recognition adds another layer of protection.
The Cyber-Physical Nexus of Security
Don’t trust your cybersecurity efforts alone to protect your data. And don’t trust your physical security to protect your facilities. By taking a cyber-physical approach to security and risk, you can shut down attackers from both ends and free up resources for both security teams.
If you don’t already have a security and risk consultant who can take an integrated approach, make that your first priority. Never settle for security professionals who can’t address both sides of the coin. You’ll be able to rest easy every time you read about the latest security breach.