Protecting data with physical security

Kim Rahfaldt, Director of Marketing and Public Relations at AMAG Technology, looks at why physical security must be involved in the cyber conversation at every level.

Securing cyber assets is more than trying to stop people from hacking into a network; organisations must also watch for and prevent threats from the inside. Insider threats can easily be more dangerous to an organisation, since employees have easier access to data than outsiders. Because of that, ownership of cybersecurity falls partly to physical security, which can provide education, best practices and tools to help identify insider threats. Securing cyber assets from the inside out needs to be part of an organisation’s standard operating procedure.

What is the best plan of attack to protect data?

From a physical security perspective, organisations need to limit access to data centres, server rooms and other areas where data is stored using access control measures such as access cards and biometric readers. Multi-factor dual authentication adds further security for these sensitive areas. Surveillance cameras and video management systems can deter unauthorised access and provide evidence in the event of a security breach. In addition to ensuring that data storage devices are kept in secure areas, dispose of hardware properly when it is no longer needed. Securely erase data from hard drives and other storage devices before disposal to prevent data breaches.

Physical security and cybersecurity play different but complementary roles in an organisation’s overall security programme. Physical security must be part of the cyber conversation and vice versa. By working together, they can improve the organisation’s overall security posture and protect against both physical and cyber threats.

How can physical security work with IT?

Physical and cyber teams can share information about overall security. Everyone brings expertise to the table. Sharing information about security incidents, threats and risks helps everyone understand the nature of the threats they face and develop better security protocols and procedures. Both teams can conduct joint security assessments to identify vulnerabilities and potential security gaps in both physical and cyber domains. By working together, they can develop a comprehensive security strategy that addresses all areas of vulnerability, reducing or eliminating gaps. Both departments can collaborate on incident response planning to ensure that the organisation is prepared to respond to both physical and cyber threats.

This includes developing procedures for responding to security breaches, conducting drills and exercises to test response plans, and coordinating communication among different departments. Joint training and education help both departments understand the importance of security and their roles in maintaining it. This can include training on password management, phishing awareness, and physical security protocols. The physical security team should include the cyber team in active shooter training to help them understand the roles of each security team member and the process involved in reducing risk to all involved in taking down a shooter. The cyber team may identify ways they can add value or assist during a crisis. And the physical security team should understand the risks and processes involved in responding to and managing a cyber attack or crisis. The physical security team may identify ways they can step up and assist.

Working together provides a holistic approach to security.

Proactive versus Reactive Security

Organisations need both proactive and reactive security measures to have a complete security programme and support a holistic approach. Proactive security ensures that only authorised users have access to sensitive data and systems. Organisations can implement role-based access control, which grants users access only to the data and systems needed to perform their job functions. Role-based access control helps prevent unauthorised access to sensitive data and systems.

An identity management system can automate the process of provisioning and de-provisioning user access. This ensures that access is granted and revoked in a timely manner or in accordance with company requirements or policies. Not only does this reduce the risk of human error and improve security, but in heavily regulated sectors, such as airports or healthcare, identity management systems can be set up to coincide with personnel certifications before they expire. This can eliminate thousands if not millions of dollars in fines.

Access control systems collect a lot of data that, when filtered correctly through an analytics system, can identify nefarious behaviour or insider threats. Access control data can be analysed to identify unusual access patterns, such as an employee accessing sensitive data or doors outside of their normal working hours or outside of their job responsibilities. An analytics system delivers critical information through data analysis to help identify the employees, contractors and other identities that may pose the highest risk to an organisation. Each person’s access history and patterns are analysed and a risk score is assigned and updated over time. Anomalous behaviour is flagged, helping identify potential threats, better control access and prevent data theft. Identifying potentially risky behaviour allows earlier detection of potential threats, thereby mitigating risk and reducing the potential cost of an incident. For example, increased attempts to access sensitive data or systems may indicate an employee has become disgruntled or is planning to leave the organisation. This information helps the security team determine a course of action and involve other departments if necessary.
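The access-pattern analysis described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product: it replays door events, marks those outside a person's working hours or role, and keeps a risk score per person that decays over time. The role map, shift hours, weights, decay rate, threshold and badge events are all constructed assumptions.

```python
from datetime import datetime

# Assumed role model (role-based access control): role -> doors the job needs.
ROLE_DOORS = {"sysadmin": {"lobby", "server_room"},
              "finance": {"lobby", "finance_office"}}
# Assumed identities: person -> (role, shift start hour, shift end hour).
PEOPLE = {"alice": ("sysadmin", 8, 18), "bob": ("finance", 9, 17)}
# Constructed badge log: timestamp, person, door, reader decision.
EVENTS = [
    ("2024-03-04T09:02", "alice", "server_room", "granted"),
    ("2024-03-04T09:15", "bob", "finance_office", "granted"),
    ("2024-03-05T23:40", "bob", "finance_office", "granted"),
    ("2024-03-06T23:55", "bob", "server_room", "denied"),
    ("2024-03-07T00:10", "bob", "server_room", "denied"),
]
WEIGHTS = {"out_of_hours": 2.0, "out_of_role": 3.0, "denied": 1.0}
DECAY_PER_DAY = 0.5  # assumed: an anomaly counts half as much a day later
THRESHOLD = 5.0      # assumed score at which a person is put up for review


def anomalies(ts, person, door, decision):
    """Return the reasons one badge event deviates from the person's baseline."""
    role, start, end = PEOPLE[person]
    reasons = []
    if not start <= ts.hour < end:
        reasons.append("out_of_hours")
    if door not in ROLE_DOORS[role]:
        reasons.append("out_of_role")
    if decision == "denied":
        reasons.append("denied")
    return reasons


def score_events(events):
    """Replay events in time order, updating a decaying risk score per person."""
    scores, last_seen, flagged = {}, {}, []
    for raw_ts, person, door, decision in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        days = (ts - last_seen.get(person, ts)).total_seconds() / 86400
        score = scores.get(person, 0.0) * DECAY_PER_DAY ** days
        reasons = anomalies(ts, person, door, decision)
        score += sum(WEIGHTS[r] for r in reasons)
        scores[person], last_seen[person] = score, ts
        if score >= THRESHOLD and person not in flagged:
            flagged.append(person)
    return scores, flagged
```

On the constructed log, a single late-night entry to the person's own office stays below the threshold; the repeated denied attempts at a door outside the role push the score over it.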

Collaboration: engage your integrator and manufacturer

If you’re an end user, you need to lean on your integrator and manufacturer to help you. Both can provide experience and expertise and understand industry best practices, and the manufacturer can identify whether there are product features that can be utilised to help you meet your security goals. Often end users don’t realise they have features within their existing product set that can help them. If you’re an integrator, work closely with your manufacturers to help your end users. Tap the manufacturer’s expertise and resources and engage them with the end user. It’s a win-win!

Securing cyber assets

Technology is constantly changing and threats are getting more sophisticated, so keeping assets secure in the long term requires established operational processes. Organisations must future-proof their cyber assets using best practices. They must continuously analyse their current technology and assess the risks associated with its use, such as the potential for data breaches. Once the vulnerable systems are identified, a risk assessment can determine the potential impact of a security breach. Develop a plan to replace vulnerable systems with more secure alternatives. The plan should include an implementation timeline, budget considerations and resource allocation.

Cybersecurity lifecycle management helps organisations ensure that their IT assets are properly secured throughout their lifespan so sensitive information is protected. After deployment, companies must maintain ongoing operations and maintenance, and then properly dispose of IT assets by securely wiping or destroying them to prevent unauthorised access to sensitive information. Conducting regular penetration (pen) tests can identify weaknesses in security controls and help proactively address vulnerabilities that could be exploited by an insider threat or attacker. Pen testing is often overlooked, but organisations can’t afford to ignore it. Physical security systems operate on a network, automatically making them part of the cybersecurity conversation. When physical security and IT work together, organisations will find more value in their technology investments, streamline communications and processes, and transform their security programmes.