Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Op-Ed: The disappearing line between the physical and logical is cyber security’s new challenge

Traditional security solves traditional problems. It is disconnected and reactive.

user iconGeorge Moawad
Wed, 16 Aug 2023
Op-Ed: The disappearing line between the physical and logical is cyber security’s new challenge
expand image

Cyber security is critical for protecting data and systems, and physical security is important for ensuring physical assets are protected and that people are kept safe.

Yet, we often treat these two critical functions disparately.

New threats are emerging that have intertwined digital and physical security to create a new, more complex challenge. In many organisations, threats are assessed and treated separately. For example, phishing attacks are handled by securing email gateways with endpoint software. Identity theft is covered by multifactor authentication. To protect ingress and egress for buildings and rooms, we use smart locks. Unauthorised access is countered with security cameras and alarm systems.

============
============

The problem for organisations is not a lack of tools and methods. It’s a lack of integration that creates gaps that can be exploited by threat actors. Traditional solutions have utility, but they are typically disconnected and reactive. And as our environments become more complex, those gaps become more abundant. With the rise of IoT devices – we can expect upwards of 55.7 billion devices by 2025 generating around 80 zettabytes of data, according to IDC – will only make the interaction between the physical and logical world more critical and harder to secure.

We can no longer separate physical and logical security. Security must be viewed as a single activity. It must be enabled with tools that provide visibility across the entire security stack, both logical and physical. It must be built on hardened hardware made by trusted partners that is managed and accessed through secure systems that provide a unified view of all security threats.

We need to break through the siloed approach that has been a historical feature of security and operations. The benefits to organisations of unified security, from both an operational and security perspective, are greater visualisation, intelligence, and insight-driven decisions and actions. When organisations have a holistic live view of everything that is happening, from what doors are open through to system efficiency, who’s on-premises and what systems are being accessed and how they are being used, they can properly assess risk and identify methods to boost their effectiveness.

This is a significant boon for organisations. When a security incident is detected, it becomes a business challenge and not one just for the facilities team, security officers, or the technology department. A unified view that is the responsibility of an integrated team fosters greater communication and collaboration. As a result, the gaps between physical and logical security become much narrower.

The 1992 film Sneakers opens with Robert Redford’s character bypassing physical security controls and gaining access to computer systems. There was no need for convoluted hacking. He simply sat at a computer in the office and transferred large sums of money to himself to show the bank’s leadership that they were vulnerable to attack. But if someone connected a stranger entering the office and the unscheduled movement of money, he would have been thwarted.

Today’s criminals employ the same sorts of tactics. And any security analyst will tell you that once a threat actor gains physical access to an environment or device, logical controls are more easily compromised. In the real world, we have seen numerous attacks resulting from threat actors embedding their own equipment into networks to gain access to organisations’ systems and operations.

The gap between physical and logical security is shrinking fast. We need to stop segregating our view of security into physical and logical. When we do that and put the right monitoring and alerting systems and processes in place, we not only improve security but also reap operational benefits from a unified view of the entire organisation and significantly bolster their defences against crime.


George Moawad is the country manager for Australia and New Zealand at Genetec.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.