Why you need an integrated approach cyber and physical security

To better understand the current cyber security environment, he has grown up with Will Wise, vice president of security events portfolio at Reed Exhibitions.

How do cyber attackers target real security assets?

With the explosion of Internet of Things (IoT) connections in corporate, government, and public sector environments, organizations are increasing the risk of physical security as well as cyber attacks. Cyber ​​and physical security can no longer be handled by the silos.

In 2018, we saw more physical assets over the Internet connection, including devices such as security cameras, alarms and access control panels, and manufacturing infrastructures such as industrial automation systems. Internet usage technologies connected to buildings and infrastructure pose a serious risk.

Even low-risk HVAC systems can be a way for hackers to gain access to your network and trigger attacks. Remember the goal? An attacker could steal personal data from nearly 40 million customer records due to a network access vulnerability exploited in Target's HVAC system. This issue goes well beyond cyber attacks.

Acquiring access to a smart lock on an engineering system (such as a door, a video surveillance camera, or an energy grid) that intruders control building operations can result in catastrophic physical and public safety hazards. Beyond entry and robbery, think of possible destruction when an adversary closes core infrastructure and all facilities. This is a classic scenario where both cyber and physical attacks can occur.

What are the risks associated with IoT? How can companies protect their businesses?

One of the biggest problems that companies face in protecting their connected devices is visibility. Often, IoT devices can not be controlled from a centralized location, but remotely reside on the "edge" of the network. These are connected to vast remote locations such as wind turbines, vendor's trucks or remote office facilities to bring operational data back to the host country to increase operational efficiency. However, this efficiency creates many difficulties because these devices are not designed and built with security in mind.

Device manufacturers need to build security as a key part of product development, so they are confident about safe use, improving business operations, Organizations seeking to take advantage of IoT should consider how to monitor and manage their devices from several different locations, as well as the device's built-in security.

The value that AI can bring to cyberspace and physical security

AI helps cyber and physical security efforts and helps organizations to be more active and responsive. Cyber ​​AI technology works by identifying patterns of regular network activity and pinpointing suspicious behavior. We analyze this behavior and determine the need to intervene.

For example, if an employee requests access to a file that they do not request on a regular basis, the AI ​​can block that action and report it to security or the IT department for further investigation. For real work, AI technology is essential to improving real-time intelligence and response time. Imagine how AI technology can analyze actions in real time and instantly deliver reports to law enforcement and first responders, and take appropriate action to prevent and mitigate the spread of threats. You do not need a large delay to view video footage without waiting. AI enables immediate intelligence and action.

What is the biggest problem your organization faces to protect both physical and digital assets? How can you combine physical and cyber security efforts?

Business leaders need to understand first how to integrate IT and Operations Technology (OT) and begin with coordination between the teams responsible for these departments. These technologies are in the same network, from manufacturing plants and industrial systems to smart cameras and mobile devices, so they do not work in silos anymore.

The easy first step to achieving this is to consolidate the Security Command Center to include both cyber and physical teams. Not everyone needs to be an expert, but it is important to have open communication and planning in the event of a disaster. To realize the benefits of IoT, IT, OT, and physical security elements must have a well-coordinated, well-coordinated approach from the perspectives of technology, process and people.

What advice would you give to security experts?

Do not be at first comfortable. It does not mean that your organization will not do it because it has not yet been violated (as you know it). It's important to keep up-to-date with the latest technologies and products on the market, from long-term software to the latest products from startups. Enemies are polishing offensive strategies and strategies, and they can not be immersed in the concept that business is "good."

Second, learn how to increase your priorities and goals with your organization's executives and C Suites. Along with the impact of your brand and reputation on major financial and legal liabilities, security is not just a technical issue. The IT, OT, and physical security teams need to be proactive, speak, speak for themselves, and focus on risk management, compliance, and accountability in a timely manner.

Finally, the most important thing is education and training. This is beyond the internal employee training program. Innovation is fast, and every security expert needs to keep up-to-date with the latest technologies and technologies to protect critical assets of an organization and accommodate innovation, as well as improve knowledge and personal careers. Find workshops, trainings and certifications that you can try yourself at industry events.

Wise, Vice President of Security Event Portfolio Reed Exhibitions

Leave a Reply