Why organizations can no longer ignore a joint approach to cyber and physical security
Physical Access Control and Safety Systems
One of the key elements of cybersecurity for a business is the restriction of access to sensitive data and systems. This ‘access control’ ensures minimal entry points for cyber criminals to take advantage of, keeping the company more protected against breaches. This is no different in terms of physical access control, but rather than data and networks, you’re restricting access to premises, offices and physical IT assets.
Most modern offices are accessed via electronic access control systems that require some form of personal identification to enter. This might be an ID card to scan, a passcode, or even biometric authentication. Because they are electronic, these systems are normally connected to the internet, putting them at risk of being breached by hackers.
In 2018, David Tomaschik proved just how easy this could be when he managed to breach Google’s doors, tricking them into opening without the need for an RFID card. Thankfully, Tomaschik was a Google employee and only had good intentions.
Similarly, safety systems like alarms are now also ‘smart’, which has the potential to be quite dangerous if they are hacked. A disabled fire alarm could put a business’s employees at actual life-or-death risk, for example. Of course, IP-based physical access control and safety systems have several advantages for a company. When working together, physical security and cybersecurity can help to streamline alerts and notify the correct people when any issues are identified, speeding up incident response.
Internet of Things
The ever-growing collection of IoT devices is continuing to create problems in the physical security space. Although these devices are connected to the internet, they are not like our traditional computers, so they are often overlooked by IT, and businesses are purchasing them without proper consideration of IT and security best practice.
We use these devices without thinking about the security risks they could pose, but with the sheer amount of data being shared and the interconnectivity of IoT devices, there could be serious repercussions for a business. For example, many IoT devices come with default passwords, and if these are not changed, it doesn’t take long for malicious actors to gain access.
These devices also lack the robust security management needed, making it easy for hackers to inject malware and move laterally across the network, as IoT devices may well be communicating with other systems, sending alerts and emails. Being secretly inside the network you want to attack is ideal for a bad actor, and IoT devices make this a lot easier. These actors can use the device as a jump box, somewhere to wait undetected, because no one is properly managing it.
To read the complete article, visit Dark Reading.