"The age of IoT and AI means that physical and IT security are no longer separate domains. Instead, everything is connected, and you need to converge your security leadership, teams, capabilities, and technologies to navigate the evolving risk landscape," says Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.
Until recently, physical and cybersecurity domains were separate from one another. Security teams, access control systems, and CCTV systems were used to physically secure buildings – from data centers to factories and warehouses. And IT teams looked after IT and network security with firewalls, anti-virus software, and data encryption technologies.
But as organizations have forged ahead on their digital transformation journeys, innovative technologies such as IoT and AI have blurred the lines between physical security and cybersecurity: a trend that's set to continue long term.
Why IoT is increasing your physical and IT 'attack surface'
When thinking about your overall security strategy, consider that your security cameras and other security infrastructure are now 'IoT devices' that are connected to the network. This gives criminals and hackers a much larger 'attack surface' for their activities, with multiple ways into your organization.
For example, hacking or otherwise accessing a network-connected camera or other device can allow criminals to override physical security controls and enter restricted areas or buildings. Equally, hackers who can breach IoT devices on the network may be able to disrupt critical systems, steal data, install ransomware, or otherwise compromise your company's operations.
Physical break-ins also pose major cybersecurity risks
Equally, criminals who manage to circumvent your physical security infrastructure can also gain access to IT equipment and systems housed in restricted buildings. This means they can extend the impact of their localized attack across the length and breadth of your network, causing untold damage and disruption in the process.
This is especially the case where server rooms are left open or unlocked within a building. The mission-criticality of the network, and the sensitive data stored in connected systems, means that much stronger security is needed for these kinds of facilities to ensure they are never accessed, even if intruders breach your building defenses.
Here are some examples of how physical threat vectors can compromise digital security:
- An infected USB drive is planted in a parking lot, lobby, etc., which an employee picks up and loads onto the corporate network.
- An attacker breaks into a server room and installs a rogue device that captures confidential data.
- An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together.
- An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system.
The most well-known example of an attack on physical systems followed by an attack of IT systems is the hack on the retail giant Target in 2013. The attackers used an HVAC vendor’s credentials to compromise the network and ultimately the point of sale (POS) systems of this company. The attackers 'entered' the company via the Heating, Ventilation & Air Conditioning (HVAC) systems and managed to compromise several millions of credit cards of Target customers, which caused the resignation of the CIO and CEO of Target.
Why ignoring the issue isn't an option
The consequences of security breaches – whether they take place in the physical or IT domain – are potentially devastating for many organizations, and especially those in mission-critical industries. Security breaches at electricity sub-stations, for example, could leave entire towns or cities without power. And similar breaches in data centers could result in internet 'blackouts', major data breaches, regulatory fines, and a raft of other negative impacts.
To minimize the risks of security breaches in the age of IoT, forward-thinking organizations are looking to extend their security strategies seamlessly across the physical and IT domains. This holistic and integrated approach requires both organizational and technology changes that reflect the rapidly changing physical and IT security risk landscape.
4 key strategies for integrating your physical and IT security
Forward-thinking organizations are beginning to integrate their physical and IT security provision based on 4 key strategies:
1. Creating an integrated security culture and transformation plan
Any successful integration of physical and IT security begins with a strategy based on digital transformation. This strategy needs to be communicated across the entire security organization from the top down, preparing teams for the transition to integrated physical and cybersecurity, including key milestones and potential disruptions and change management issues.
2. Appointing a CISO or data officer who is responsible for both physical and IT security
The siloed nature of physical and IT security responsibilities increases the risk that attacks in a particular domain will go undetected, or that responses will be too slow to prevent negative impacts from occurring. By appointing a CISO or other c-level executive for joint responsibility, and visibility, of physical and IT security, these potential gaps can be closed, and faster, more effective responses can be mounted in the event of a breach in either domain.
3. Converging physical and IT security monitoring within a single dashboard interface
In terms of technology, integrating IT and physical security monitoring into a single dashboard helps to dramatically decrease the risk of a breach, and to mitigate the impacts if a breach should occur. For example, by mapping cyber and physical threats together, a unified dashboard can spot anomalies more quickly, and pinpoint where the threat originated based on an unidentified device in the network, unauthorized access to a device or physical space, or other threat indicators.
4. Deploying innovative technologies that enable truly unified security responses
By implementing data analytics platforms, smart video solutions, AI-powered security algorithms and other innovative technologies of this type, organizations can detect security threats across physical and IT domains in near-real time. Additionally, false positives can be minimized, further saving time and resources and speeding up security responses.
How Hikvision can help
At Hikvision, we provide smart video technologies and AI-powered security algorithms that help to improve security in the physical domain. Besides this, our technologies are also built on open industry standards, which means they can be integrated with a wide range of security and analytics platforms to help teams identify and respond to both physical and IT security threats in a faster and more unified way.
To find out more about our cybersecurity capabilities, or to find out how Hikvision can help you integrate physical and cybersecurity to protect your people, assets, and data, please visit the Hikvision website.