Cybersecurity is a Physical Security Priority

It is an era where threats to a firm’s security are increasingly sophisticated. Bad actors rely on a wide array of tools to threaten a company’s data and physical assets. Unfortunately, many businesses are still structured in a way where chief security officers, or CSOs, tackle threats through separate cyber and physical security channels.

In a recent article for Security Magazine, Bud Broomhead writes about how cybersecurity is a clear and pressing physical security priority.

He cites an IBM study that reveals in 2022 “the cost of a cyber breach is now over $4M per incident.” Similarly, he points to data that shows IP cameras “are the most vulnerable enterprise device” — painting a full picture that a firm’s CSO has to prioritize both cyber and physical security concurrently.

You can’t choose one over the other, or silo them away from one another.

By combining the two as key parts of the job, CSOs are able to increase a company’s overall security and make it more operationally and financially efficient.

Protecting Web and Cloud-Connected Devices is Physical and Cybersecurity

He uses the example of securing IoT (Internet of Things) and “networked edge devices” for which most firms have in place “corporate policies and compliance requirements for end-point devices and servers.”

Whenever a device is connected to the network clear protocols have to be followed. This means installing software and firmware regularly, having data backups, and making sure you create and update strong passwords.

“These practices are a mainstay across almost all enterprises, but unfortunately, most enterprises do not extend these same policies and practices to edge devices residing on physical security networks,” Broomhead writes.

“Given that today’s physical security systems are made up of thousands of edge and IoT devices, cybercriminals can potentially utilize thousands of vulnerable entry points to compromise an enterprise. Unless an explicit exemption is given, all physical security devices should be maintained and secured according to corporate governance policies,” he adds.

A Lesson for CSOs

What needs to happen then is for firms to secure physical spaces and networks as strongly as they do “peripheral IoT devices.”

By protecting all of these vulnerable potential entry points for cybercriminals (and physical attackers), CSOs are ensuring the company is fortified as much as it can be.

“If a vulnerable physical security system is found to be the source of a cybersecurity breach and is not maintained appropriately with firmware updates and password rotations, cyber insurance claims can potentially be denied,” Broomhead adds. “This means if a bad actor exploited a network using a default password or out-of-date firmware traced to a physical security device, the burden of responsibility might lie solely on the enterprise. The cost of such a breach could be well into the millions, not including excluding the cost of lost stakeholder trust and reputation.”

What is clear is that a sensible, responsible approach to security means those in positions of shoring up a company’s physical and cyber assets must make sure both are prioritized.

The safety of a firm’s data as well as that of the employees who work within its walls are at stake.

Published by Peter Cavicchia

Peter Cavicchia is a retired U.S. Secret Service Senior Executive, now Chairman of the security consulting firm Strategic Services International LLC.

%d bloggers like this: