Cybersecurity covers a number of different protections for networked systems, programs and devices. Digital attacks can have many goals, but the most common include accessing sensitive information to steal, change, or destroy it; interrupting usability to disturb business practices; and extorting money from users by ransoming sensitive or critical information or by blackmail. Cybersecurity operations can help to prevent risk and mitigate liability by hardening business systems against these attacks. Basic cybersecurity practices include creating strong passwords (and not sharing them), vetting anything downloaded to a business device, and implementing and regularly updating firewalls.
There are numerous avenues for cyber threats, and many organizations are far more vulnerable than they realize. As these threats have increased, physical security has become a critical part of the cybersecurity conversation. Physical and cyber security have long been separate concerns in the security world, often run by separate departments within a business. Typically, physical security operations were run by professionals with a background in law enforcement, with expertise in maintaining the physical safety of a facility using solutions such as locks, cameras, guards, fencing and alarms. Cybersecurity was the exclusive domain of the IT department, who had responsibility for the computer systems and network. The two departments originally had little overlap in decision making for security procedures. However, it has become clear that this lack of communication can leave attack surfaces open—a vulnerability that has been used to advantage by many hackers in recent years.
Data breaches happen every day, ranging from the small to the massive. As numerous organizations have discovered over the last few years, leaving your data vulnerable can compromise your business operations and damage your reputation. Here are a few recent real-world examples:
The Netherlands division of Gemalto, an international digital security company, released the following global statistics in 2018:
Physical security is a vitally important business practice, to prevent unauthorized persons from entering your business and causing harm, to protect your intellectual property from corporate espionage, and to mitigate workplace violence, among other concerns. Today, organizations must consider physical security as a primary pillar of cybersecurity. There are three differing perspectives on this reality, each of them paramount to maintaining overall security.
For many hackers, the easiest way to obtain your data is to access it in the physical world. While strong firewalls and other cybersecurity best practices may thwart hackers outside your business from entering the network, very often hackers will simply find a way into your building and plug into any IP connection – or grab a laptop or server and walk out with it. They may use social engineering to bypass security guards, slip in behind an employee who politely holds the door open for them, tailgate through an access-controlled entrance, or use stolen credentials to get into your facility. Deploying the strongest-possible physical security measures is the best way to mitigate against this danger.
If your IP-connected physical security solutions are not properly hardened to cybersecurity threats, they can be compromised via the network. A hacker outside your building can access your network—through unsecured WiFi networks, a vulnerable Internet of Things (IoT) device, or another weakness—and can disable physical security devices such as surveillance cameras, access control systems or alarms. This can put your organization at risk in a number of ways. Terrorists could enter buildings, putting your personnel in direct danger. In a healthcare facility, criminals or employees, could steal prescription medications from protected storage rooms. Unauthorized individuals could enter restricted areas of critical infrastructure facilities and put themselves or the general population at risk.
Any device on the IoT – from a smart fishtank to an elevator system – could be used by hackers as an entry point to the network. The same is true for physical security products from surveillance cameras to WiFi locks. The moment a device is connected to the network, it becomes a potential attack surface for a hacker to use to reach the network, from which they can implant malware, steal data or cause many other sorts of mayhem that disrupts business operations. Every IoT-connected device used in your organization must be properly hardened to prevent this from happening.
Building and perimeter entrances are key points for physical security, and much of the technology for physical security devices has been developed to protect entrances. Even as new technologies have emerged, they have mostly been a variety of protections for standard swinging doors, which have long been used to enter and exit buildings. The use of doors has typically and traditionally been an architectural decision, with door styles selected for their design aesthetic or user convenience with little consideration for security. Generally, the biggest security concern considered when installing an entrance was compliance with fire codes and other emergency exit guidelines. While it is still important to consider these factors, it has now become necessary to consider the entrance as a main factor in physical and cybersecurity best practices.
Installing standard swing doors at any location in a facility presents risk, as their design does not prevent unauthorized intrusions. Once a swing door is open, even if it has been unlocked using authorized credentials, an unlimited number of individuals can enter. What is often considered basic politeness—holding the door for the person behind you—can in fact be an enormous security risk. Unless there is a guard at the door, there is no prevention for tailgating (additional people following someone through the door), and even a guard can be easily misled using the process of social engineering to allow an authorized individual to enter. Worse, unless it has special alarms, a door can be propped open and left that way indefinitely.
Once a cybercriminal is inside your facility, you have lost most of the battle to protect your data. At that point it is quick and simple for them to plug into an IP port, access your network, and perform whatever actions they want. If they walk in and out without having been noticed, you may not even know that there has been a breach until data turns up corrupted, operations cease to function properly, or the stolen data is utilized or ransomed back to you – at which point the damages only multiply.
You can protect your business against cyber threats by installing security entrances at entry and exit points of your facility, at the perimeter and at internal access points. Security entrances are available in a variety of configurations and can help to protect your business from unauthorized entry that can seriously increase your risk for cyber attacks. It is in your business’ best interests to consider security entrances as a part of implementing cybersecurity best practices.
Only a security entrance can fully prevent tailgating and also verify that the individual who is entering matches the credentials that have been presented. This can dramatically reduce the need for security staff at the entrances and exits to your facility, while at the same time reducing your exposure to risk from cyber criminals.
To protect your facility from cyber threats at the entrance, there are a number of different types of physical security entrances that can provide the security you need. Tripod and full height turnstiles, optical turnstiles, security revolving doors and mantrap portals can all protect your business, but you may prefer to get some guidance to help determine which security entrance is right for you. Consider the four categories of security entrance solutions:
As discussed above, any device on the IoT could potentially present an attack surface for hackers to enter the network. For that reason it is important to take all possible measures to harden your networked security entrances against hacking. There are several protocols you can easily implement to accomplish this.
The boundaries between physical security and cybersecurity are disappearing, as each is an essential component of the other. Savvy cyber criminals know how to leverage physical security solutions in a number of ways to access data, steal intellectual property and otherwise cause harm to an organization. The risks can be catastrophic, and as the sophistication of attacks continues to grow, so the importance of addressing this area of security cannot be overstated.
Security entrances offer a unique level of protection as they not only fully prevent tailgating, one of the greatest risks presented by standard swing doors, but also verify the identity of every individual entering a facility. They cannot be compromised in the way that a security guard can through social engineering.
Cybersecurity is an unfortunate reality for today’s business. Deploying security entrances throughout your facility can help to ensure that your business data stays safe and protected, and that your risks are mitigated. For more information on physical security entrances for cybersecurity, please contact us at firstname.lastname@example.org or request a free on-site consultation.