When discussing technological innovation and the continual evolution of the physical security landscape, it can be easy for one to focus on trends. There is the temptation to zero in on specific devices or brands and lose sight of the bigger picture.
In a new piece for Security Magazine, Will Knehr, senior manager of Information Assurance and Data Privacy at i-PRO Americas, Inc., makes the point that, as threats become more sophisticated, “cyber and physical security convergence has become more critical than ever.”
He points to the rise of both the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) as hastening the need for companies to meld their physical and cyber security strategies. In the past, these would be considered separate elements, but now, they are part of a unified whole that every business and firm has to embrace.
Embracing a ‘holistic approach’
Knehr writes that this “holistic approach” of fully integrating the cyber and the physical can best address a host of threats that come from all directions. This has only continued to become a major problem as IoT and IIoT devices and technologies have become the norm. While this connected-to-everything type of technology has made day-to-day life and business more efficient, it has also made life somewhat easier for external hackers to carry out attacks.
“Many IoT devices are designed with minimal security features, making them attractive targets for cybercriminals,” Knehr explains. “A lack of stringent security measures in the design and deployment of these devices can lead to severe consequences.”
He points to several real-world examples.
For one, the Mirai botnet attack of 2016 — that impacted popular online resources like Netflix, Twitter, and Reddit — showed how a wide scale attack could be conducted just by way of hackers obtaining 62 common default passwords and usernames.
Then there’s the ‘casino fish tank hack’ of 2018, which saw hackers access an IoT-based monitoring system for, yes, a fish tank. It might sound innocuous, but the criminals were able to then access a casino’s entire operational network.
The final example is the 2017 WannaCry ransomware attack that hit both educational centers and hospitals.
Vetted recommendations
All three of these examples offer tangible, sobering lessons. Chief among them has to be the fact that large businesses like a casino or powerful institutions like healthcare systems, were so easily vulnerable by way of poorly secured IoT-connected devices.
To ensure these kinds of attacks don’t become the norm, Knehr offers some clear-eyed recommendations.
Among them, a company — regardless of its size — has to carry out detailed risk assessments to pinpoint the possibility of any potential threat. Security officials on staff must also regularly update firmware and software. This seems like a very common sense practice, but it is one that can easily be overlooked. Strong access control and surveillance monitoring implementation are needed, detailing just how important the physical security side of things is to a cyber-focused strategy.
Knehr stresses that the only way to avoid the mistakes of the past is to embrace a connected future where there is no division between cyber and physical security strategies. Data, facilities, and personnel won’t be protected without these two security realms being fully integrated.
For Knehr’s full piece and detailed list of recommendations, read the article here.
Peter Cavicchia II 