With the risk landscape shifting, the lines between cyber and physical security are blurred. In this article, AI experts, Dataminr, make a persuasive case for why enterprises should consider breaking down the silos between the two security teams and treat them as two sides of the same coin.
The spotlight placed on cybersecurity is growing wider, shining brighter and continuing to permeate global conversations. Given that the number of ransomware attacks increased by almost 150 percent in March of last year and the first half of 2021 saw a 102 percent increase in ransomware attacks, the widespread concerns are legitimate.
Cybersecurity failures are increasingly leading to serious high-stakes ramifications in the physical world, where both critical infrastructure and people’s lives are at risk. Take for instance the 2021 water plant hack in Florida. A network breach quickly turned into a physical attack that threatened to poison a city’s water supply with dangerous levels of lye.
Despite that, many organisations continue to operate their cyber and physical security teams as distinct, standalone disciplines with little to no collaboration on managing risks.
What’s the solution? As cyber-physical threats become more pervasive, ensuring the two teams can establish formal means and standards of collaboration is now a strategic business imperative. The result, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is cyber and physical security functions that are more resilient and better prepared to identify, prevent, mitigate and respond to threats.
The evolution of cyber-physical security risks
Traditionally, organisations have kept their physical and cyber security operations independent of one another. That’s partly due to the relative age of each practice. Physical security has a long history, while cybersecurity is comparatively new.
But thanks to the increased use of IoT and IIoT devices, the number of systems moving to the cloud, and the proliferation of social media and smart devices, the need for security convergence across industries is greater than ever.
Some examples of cyber-physical risks are more evident, such as the May 2021 ransomware attack on the Irish healthcare system, which led to a systemwide IT shutdown that created a real and imminent threat to patients, or the attack on Florida’s water treatment plant.
Other examples are not as readily apparent, yet still pose significant risks. One is the recent rise in the number of attacks on Internet-connected industrial control systems (ICS), especially those that run critical infrastructure—from water treatment and gas plants to trains and traffic light systems. In some cases, hackers exploit security gaps in access controls to facilities, allowing them to install malware that compromises an organisation’s entire network. Remote access software used to control ICS and heating, ventilation and air conditioning systems is also a common entry point for attacks that affect both the cyber and physical domains.
The call for better control over converging threats
Forward-thinking organisations are increasingly blending their cyber and physical security teams to improve their overall security posture. However, the merging of the two is not yet the prevalent model for security operations.
Some experts warn that having siloed teams opens businesses up to operational blind spots and a weaker security posture. For instance, when a new threat emerges, oftentimes security practitioners focus only on their area of responsibility with little knowledge of what is happening on the other side of the house—preventing both cyber and physical security teams from having a holistic view of the potential threats.
Marrying the expertise of cyber and physical security leaders and teams can be challenging. Often, there is a cultural and skills divide between the two, which leads them to look at the world very differently. Those differences can result in poor communication and sometimes outright miscommunication, two of the biggest problems facing organisations that have yet to develop strong processes to drive collaboration across these two critical teams.
There are also logistical barriers to consider, as well as a lack of understanding at the senior leadership level as to why security convergence is no longer a nice-to-have—but a business imperative.
When security teams join forces
There are many benefits to having cyber and physical security teams work in close partnership:
- A stronger, more holistic security posture
- Faster identification of, and assessment and response to, threats that fall within both the cyber and physical domains
- Better communication and sharing of information and technology
- Improved efficiencies and better outcomes
While each organisation will manage and respond to the increasing convergence of physical and cyber risks differently, real-time information is at the heart of their ability to do so. Organisations need to ensure all security teams have equal access to real-time data on emerging and potential risks, regardless of where or how the threat begins, and create a clear process for when and how to communicate that information and which stakeholders should receive it.
Being able to identify these cyber-physical events and risks as early as possible, as they occur and unfold, is critically important, which is why Dataminr’s corporate customers rely on Dataminr Pulse to detect the earliest signals of high-impact events and emerging risks.
When Colonial Pipeline was hit by a ransomware attack in May 2021, Dataminr Pulse alerted customers to related network issues one day prior to major media coverage. And Pulse continued to alert on the incident as it unfolded with the context needed for customers to make informed decisions.
As technology advances and becomes more integral to the ways in which we work and live, we can expect to see an increase in cyber-physical threats such as the Colonial Pipeline attack. To stay ahead of and effectively mitigate such risks, security leaders—no matter their area of expertise or focus—must be sure their teams work in tandem to counter threats and share information, tools, skills and resources.
Dataminr is recognized as one of the world’s leading AI businesses. The company’s clients are the first to know about high-impact events and emerging risks so they can mitigate and manage crises more effectively. Dataminr solutions are relied on 24/7 by hundreds of clients in over 100 countries across six continents to help them solve real-world problems. Dataminr is one of New York’s top private technology companies, with over 800 employees across eight global offices.