Is cybersecurity more important than physical security? No. And here’s why.
These days so much of what we do at work happens online. This is turning burglars into hackers, attacking businesses via the internet rather than physically breaking into their buildings. As cyber breaches are harder for businesses to detect and control than physical ones, they’ve become a tempting and lucrative prospect for criminals.
As a result, there’s been a major shift in emphasis from physical security to cybersecurity. According to the UK Government Cyber Security Breaches Survey 2019, 78% of businesses now rate cybersecurity as a high priority.
Does that mean cybersecurity has become more important than physical security? No. Not at all. In fact, asking that question misses a very important point.
Two sides of the same coin
It’s become common for people to talk about cybersecurity without mentioning physical security. But that’s only because many companies today still have separate departments for each, only looking after the security aspects they’re familiar with. Cybersecurity teams concern themselves with user permissions, passwords and protecting the company’s networks from malware and viruses. Physical security teams concern themselves with the company’s CCTV, door entry systems and intruder alarms.
But physical security and cybersecurity are two sides of the same coin and recent events have demonstrated this.
When hackers breached the corporate networks of three energy distribution companies in Ukraine in 2015, they were able to take complete physical control of 30 substations and switch them off, leaving 230,000 residents without power. Conversely, in 2016 and 2017, Ankur Agarwal physically trespassed on the premises of two New Jersey companies and installed key-logger devices onto their computers, covertly recording employees’ keystrokes and obtaining their login credentials to steal data. He was also able to fraudulently create an access badge at the second company so that he could continue trespassing without detection.
These events are causing physical security teams to wake up to the fact that cybersecurity threats are their problem too. Vice versa for cybersecurity teams. After all, the criminals don’t care who’s in charge of what. They’re just looking for the easiest way in. This is why companies have to start looking at how their physical security and cybersecurity systems intersect and take a broad, holistic approach to protecting their assets and people.
Technical convergence
When an employee is logging in to a workstation from a location they shouldn’t be in, you don’t see the intrusion unless your cyber and physical security systems are integrated. The separation of these systems creates dangerous gaps that hackers are keen to exploit.
One of the challenges to convergence is data. With so many of their systems now connected to the internet and each other, companies produce inordinate amounts of information that corporate security teams have to be constantly aware of. It would seem an impossible task, but this is where artificial intelligence (AI) comes in. AI can sift through reams of data to detect pertinent developments and give both physical security and cybersecurity teams a simultaneous 360-degree view of an emerging threat. This enables security professionals from both the physical and cyber realm to act more quickly, in unison, to combat it.
For example, AI learns to understand people’s login characteristics. Let’s say that an employee normally enters a building with an ID card or smartphone and takes five minutes to reach their desk and log in. If, one day, their login happens significantly faster than that, AI will alert you to the fact that the employee could be a machine. Alternatively, if the employee is a one- or two-finger typist and is suddenly racing through the keyboard, again AI will alert you, in real time, that it might not be them.
And it isn’t just that convergence of cyber and physical security has become necessary for protecting your business. There are other benefits as well, such as reduced administration and hardware costs and a more positive user experience. For example, you could have a single form factor such as an ID badge for both physical access to a building and logical access to a network. This would streamline the user experience and reduce costs for additional/replacement badges. It would also reduce the time required for producing multiple credentials for different applications.
Political convergence
While embracing new technologies is important, the current misalignment between the cyber and physical security realms is probably more to do with internal corporate politics than technical barriers. At the technical level, the convergence of physical security and cybersecurity is already happening. The fact that so many physical security and cybersecurity teams are operating in siloes, not talking to each other, is where the real challenge to implementing an integrated security approach lies.
But as cyber and physical threats continue to overlap, a unified team must be deployed to deal with them. Security, in all its forms, needs to be brought under a single organisational umbrella. This includes your CCTV and access control teams working alongside IT security teams and having simultaneous access to the same, correct information. It also includes your chief information security officer and chief emergency management officer reporting to an enterprise-wide chief security officer who oversees everything.
A growing attack surface
Advances in communications technology, the launch of 5G and the rapid growth of the Internet of Things (IoT) are creating an ever-widening attack surface for criminals to exploit. More and more devices are being connected to the internet that don’t have any security on them. Combine this with the fact that the modern workforce is becoming increasingly dispersed, using different devices, systems and networks from different locations. The International Workplace Group found that 50% of employees work away from the office at least two and a half days each week, while some analysts are predicting that half of the workforce will be freelance within 10 years.
When 5G is fully adopted, criminals are going to be able to steal business data in the blink of an eye. This is why companies need to act now to make sure any potential security gaps in their sizeable attack surface are plugged.
Cybersecurity advisers are recommending that businesses move their work applications to the cloud so that all data stays on company servers regardless of where staff are located. Real-time alerting, powered by AI, has also become necessary for security teams to make sense of the enormous amount of data now flowing through their networks. And all IoT deployments need to be carefully planned, with device security and control a top priority.
However, the essential first step towards integrating your cyber and physical security is to merge your teams into one department. That way you’ll have a much more accurate and complete view of your entire security landscape as events unfold.