The self-imposed segregation between physical and cyber security professionals creates gaps in protection. Even when the two groups interact, the cultural, educational and experiential divide makes effective communication a challenge. Attackers look for and exploit the gaps in protection this creates, often with devastating impact. Bridging these differences is one of the keys to achieving an effective protection program.
The good news is that the industry increasingly recognizes that when cyber security and physical security are designed to compliment each other, they work very well together and truly enhance operational security. The indicators are simple. Physical protection systems utilize digital assets for data communication and integration, and cyber equipment is protected by physical barriers. The marriage is already there, its just the recognition of the co-dependence that is often overlooked.
Sean Ahrens, the global practice leader for AON Global Risk Consulting, commented in a recent CSO Magazine article by Bruce Harpham titled, “Physical Security has many Holes to be Plugged,” that, “Most security efforts focus on preventing digital attacks since those represent the majority of attacks. That means that physical security often becomes a failure point.” Ahrens added that the most common failures he sees happen are via operations and human mistakes.
At Butchko, we heartily concur with Ahrens’ observation. We have often seen glaring gaps in physical security coverage, or cyber security measures left unenforced, allowing threat actors to access seemingly well-protected facilities and data systems.
Chris Curtis, senior vice president at Compass Datacenters, remarks in the article that, “Security requirements are especially important when planning a new facility. In our experience, the biggest mistake that organizations make is failing to clearly identify their requirements up front such as the value of your applications and the cost of downtime.”
Coordination between physical and cyber security has long been a challenge for organizations. But they are two pieces of the same protection puzzle. Companies that recognize the critical co-dependence and figure out ways to make the pieces fit together will be best positioned to thwart future attacks.