In today’s digital world, no reputable company would operate without considering its cybersecurity posture. With cyber threats surging, even small firms plan to raise their spending on managed security services by 85 percent. The challenge is that many companies are spending most of their efforts on cyber while overlooking the importance of physical security.
Physical security and cybersecurity are merging rapidly, and as IoT technology evolves and more security systems become cloud-based, businesses must constantly reevaluate their cyber-physical strategy.
Bottom Line Up Front (BLUF)
- According to a recent report, the cloud now holds 50% of all corporate data.
- The need for cyber-physical security collaboration is becoming increasingly important as physical security systems migrate toward cloud-based solutions.
- Businesses must ensure that their physical security systems remain resilient and adaptable as the digital workplace expands.
Cyber-Physical Security Convergence
The cyber-physical security convergence trend is nothing new. For years, security analysts were making the case for a unified security strategy that involved merging physical security with cybersecurity.
Back in 2010, Dr. Raj Rajkumar (Electrical and Computer Engineering) at NC State delivered an informative talk about the need for cyber-physical systems convergence. In his talk, Dr. Raj stated that a cyber-physical system is one that “integrates the cyber aspects of computing and communications with the monitoring and control of physical entities in the world that we live in.” In simple terms, this includes all physical security systems.
A common definition of a cyber-physical system is one that “integrates computing and communication capabilities with the monitoring and/or control of entities in the physical world dependably, safely, securely, efficiently, and in real-time.” (Journal of Internet Services and Applications)
Cyber-Physical security alignment is vital
Enterprise businesses’ security requirements are evolving due to the introduction of cloud-based and IoT workplace technologies. The traditional approach to cybersecurity and physical security as separate entities is no longer sufficient to protect an organization. Companies can no longer afford to treat them as two separate functions in a hyper-digital landscape.
The need for a comprehensive security strategy is expanding as critical infrastructure continues to integrate cyber into physical systems and emerging technologies into daily operations. In 2020, physical security incidents accounted for 10% of malicious breaches with an average cost of $4.36 million.
Cyber-Physical security resources
Very few security professionals would argue against the need for a cyber-physical approach. Yet many organizations are stuck: either because they have never faced a major cyber-physical attack or because they don’t know how to approach this complex challenge, they do nothing and hope for the best. Unfortunately, since cyber-physical attacks are only increasing, this is not viable.
Instead, organizations should study and embrace the concepts in the Cybersecurity and Infrastructure Security Convergence Action Guide provided by the Cybersecurity and Infrastructure Security Agency (CISA). The guide describes the complex threat environment created by increasingly interconnected cyber-physical systems and the impacts that this interconnectivity has on an organization’s cybersecurity and physical security functions. It also provides information that organizations can consider when adopting a holistic cyber-physical security approach through a flexible framework.
The traditional approach to physical security will no longer be successful in a post-pandemic future where enterprises will be more reliant on digital technology. Organizations are instead encouraged to take a proactive approach to protect their systems from ever-growing cyber-physical security threats.
Organizations that embrace the cyber-physical approach will undoubtedly be better prepared to deal with present and future dangers than those stuck in a primarily physical reality. Adopting the principles and concepts outlined in CISA’s Cybersecurity and Physical Security Convergence Guide is a vital first step in that direction.