Physical security and cybersecurity: Neither exists alone

You can hide, but they’re coming for you. If you lock the door, they’ll come in through the window. Slip up once and they’ve got you.

By Bill Clark

Fri 24 May 2019 @ 13:39

There’s a great big world out there. Organisations get so focused on cybersecurity that they sometimes forget that. Companies and institutions exist in the real world (or 'meatspace' – as opposed to cyberspace). They have offices and warehouses and exist in a particular spot on a specific street. Every location in the physical world needs to be secure as well. But when securing cyberspace and meatspace, are you building a fortress or multiple silos?

Silos have to go

Digital transformation has popularised the idea that silos are bad. And they are. But in the past, they would mostly do things like duplicate effort and increase costs. The sort of things business analysts hate, but which (mostly) wouldn’t put the organisation at risk.

With the integration of IT into all aspects of business operations, things have changed. There is a need for a complete picture of cyberthreats across the organisation. Fortunately, there are tools that enable that. There are also organisations and protocols for sharing cybersecurity information between organisations.

It’s great that the silos are breaking down and better tools are leading to a clearer picture of online threats. But merging the security of meatspace and cyberspace is still lacking. It’s coming, though, and new technologies are making it easier.

For example, user and entity behaviour analytics (UEBA) can integrate data from door access card readers and send an alert if a user enters an area at an unusual time. Using machine learning, systems can develop an understanding of usage patterns in cyberspace, but also in the systems that interact with the physical world: security cameras, keypads, access control cards and so on. They can even shut down access automatically, until the incident can be detected.
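A minimal sketch of the unusual-time check described above, added here as an illustration and not taken from any UEBA product: it stands in for machine learning with a simple per-user, per-area time-of-day baseline. The event format, names, thresholds and badge records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed badge-reader history: (ISO timestamp, user, area). Not real data.
HISTORY = (
    [(f"2019-05-{d:02d}T09:{m:02d}:00", "alice", "server-room")
     for d, m in [(6, 5), (7, 12), (8, 1), (9, 20), (10, 8)]]
    # bob works nights, so his normal entries sit just before midnight
    + [(f"2019-05-{d:02d}T23:{m:02d}:00", "bob", "server-room")
       for d, m in [(6, 30), (7, 41), (8, 25), (9, 35), (10, 50)]]
)


def hour_of_day(ts):
    """Time of day as a fractional hour, e.g. 09:30 -> 9.5."""
    t = datetime.fromisoformat(ts)
    return t.hour + t.minute / 60


def circular_gap(a, b):
    """Hours between two times of day, wrapping at midnight (23:50 vs 00:10 = 0.33)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def build_baseline(events):
    """Map (user, area) -> list of times of day at which that user entered."""
    baseline = defaultdict(list)
    for ts, user, area in events:
        baseline[(user, area)].append(hour_of_day(ts))
    return dict(baseline)


def score_event(baseline, event, tolerance_h=2.0, min_history=5):
    """Classify one badge event as 'normal', 'alert' or 'no-baseline'."""
    ts, user, area = event
    seen = baseline.get((user, area), [])
    if len(seen) < min_history:
        # Too little history to judge: send to review rather than guess.
        return "no-baseline"
    nearest = min(circular_gap(hour_of_day(ts), h) for h in seen)
    return "alert" if nearest > tolerance_h else "normal"


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in [("2019-05-13T09:30:00", "alice", "server-room"),
               ("2019-05-14T02:40:00", "alice", "server-room"),
               ("2019-05-14T00:15:00", "bob", "server-room"),
               ("2019-05-14T10:00:00", "carol", "server-room")]:
        print(ev, "->", score_event(baseline, ev))
```

The wrap-around distance matters for shift workers: a plain numeric comparison would flag bob's 00:15 entry even though it is minutes away from his usual arrival time.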

Real threats to virtual operations

High-profile cyberattacks get a lot of press. What is often overlooked is how physical security failures contribute to the danger. James Turgal, a managing director in Deloitte’s risk and financial advisory cyber risk services practice, and formerly of the FBI, recounted a tale of a hacker defeating cybersecurity using a back-door attack. Literally.

“I ran cases in the FBI where an organisation had a great CISO, secure networks, policy and governance on network patching and making certain that they were always up to date and protected their endpoints. But they lacked that same rigour on the physical security side. And someone found that they had no security cameras, and they weren’t locking their doors. They literally entered the back door into one of the facilities and accessed the network directly while sitting in a lawn chair. So, that’s a perfect example of needing to have all of it – physical and cybersecurity,” he explained.

You can’t lock up the servers and call it a day, though. With the rise of the Internet of Things (IoT), organisations are seeing the possible points of compromise growing exponentially. Research suggests that by 2021, 22 billion devices will be connected to the internet. Even something as innocuous as a smart air conditioning control in a stairwell or parking garage may offer an entrance to your network.

Just as our minds and bodies exist as one, integrated entity, the modern organisation, be it a business, an educational institution, a government department or a non-profit, exists in both the physical and the cyber realm. If one is not healthy, the other is weakened. Collaboration and integration are the only secure way forward.
