What convergence of physical and IT security means to businesses?

  • Industry News
  • Jan 31,22
As organisations have forged ahead on their digital transformation journeys, innovative technologies such as IoT and AI have blurred the lines between physical security and cybersecurity: a trend that's set to continue long term.
What convergence of physical and IT security means to businesses?

Until recently, physical and cybersecurity domains were separate from one another. Security teams, access control systems, and CCTV systems were used to physically secure buildings – from data centers to factories and warehouses. And IT teams looked after IT and network security with firewalls, anti-virus software, and data encryption technologies.

But as organisations have forged ahead on their digital transformation journeys, innovative technologies such as IoT and AI have blurred the lines between physical security and cybersecurity: a trend that's set to continue long term.

Why IoT is increasing your physical and IT 'attack surface'
When thinking about your overall security strategy, consider that your security cameras and other security infrastructure are now 'IoT devices' that are connected to the network. This gives criminals and hackers a much larger 'attack surface' for their activities, with multiple ways into your organisation.

For example, hacking or otherwise accessing a network-connected camera or other device can allow criminals to override physical security controls and enter restricted areas or buildings. Equally, hackers who can breach IoT devices on the network may be able to disrupt critical systems, steal data, install ransomware, or otherwise compromise your company's operations.

Physical break-ins also pose major cybersecurity risks
Equally, criminals who manage to circumvent your physical security infrastructure can also gain access to IT equipment and systems housed in restricted buildings. This means they can extend the impact of their localized attack across the length and breadth of your network, causing untold damage and disruption in the process.

This is especially the case where server rooms are left open or unlocked within a building. The mission-criticality of the network, and the sensitive data stored in connected systems, means that much stronger security is needed for these kinds of facilities to ensure they are never accessed, even if intruders breach your building defenses.

Here are some examples of how physical threat vectors can compromise digital security:

  • An infected USB drive is planted in a parking lot, lobby, etc., which an employee picks up and loads onto the corporate network.
  • An attacker breaks into a server room and installs a rogue device that captures confidential data.
  • An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together.
  • An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system.
  • The most well-known example of an attack on physical systems followed by an attack of IT systems is the hack on the retail giant Target in 2013. The attackers used an HVAC vendor’s credentials to compromise the network and ultimately the point of sale (POS) systems of this company. The attackers 'entered' the company via the Heating, Ventilation & Air Conditioning (HVAC) systems and managed to compromise several millions of credit cards of Target customers, which caused the resignation of the CIO and CEO of Target.

    Why ignoring the issue isn't an option?
    The consequences of security breaches – whether they take place in the physical or IT domain – are potentially devastating for many organizations, and especially those in mission-critical industries. Security breaches at electricity sub-stations, for example, could leave entire towns or cities without power. And similar breaches in data centers could result in internet 'blackouts', major data breaches, regulatory fines, and a raft of other negative impacts.

    To minimise the risks of security breaches in the age of IoT, forward-thinking organizations are looking to extend their security strategies seamlessly across the physical and IT domains. This holistic and integrated approach requires both organizational and technology changes that reflect the rapidly changing physical and IT security risk landscape.

    "The age of IoT and AI means that physical and IT security are no longer separate domains. Instead, everything is connected, and you need to converge your security leadership, teams, capabilities, and technologies to navigate the evolving risk landscape," said Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.

    Four key strategies for integrating your physical and IT security
    Forward-thinking organizations are beginning to integrate their physical and IT security provision based on 4 key strategies:

    1. Creating an integrated security culture and transformation plan: Any successful integration of physical and IT security begins with a strategy based on digital transformation. This strategy needs to be communicated across the entire security organization from the top down, preparing teams for the transition to integrated physical and cybersecurity, including key milestones and potential disruptions and change management issues.

    2. Appointing a CISO or data officer who is responsible for both physical and IT security: The siloed nature of physical and IT security responsibilities increases the risk that attacks in a particular domain will go undetected, or that responses will be too slow to prevent negative impacts from occurring. By appointing a CISO or other c-level executive for joint responsibility, and visibility, of physical and IT security, these potential gaps can be closed, and faster, more effective responses can be mounted in the event of a breach in either domain.

    3. Converging physical and IT security monitoring within a single dashboard interface: In terms of technology, integrating IT and physical security monitoring into a single dashboard helps to dramatically decrease the risk of a breach, and to mitigate the impacts if a breach should occur. For example, by mapping cyber and physical threats together, a unified dashboard can spot anomalies more quickly, and pinpoint where the threat originated based on an unidentified device in the network, unauthorized access to a device or physical space, or other threat indicators.

    4. Deploying innovative technologies that enable truly unified security responses: By implementing data analytics platforms, smart video solutions, AI-powered security algorithms and other innovative technologies of this type, organizations can detect security threats across physical and IT domains in near-real time. Additionally, false positives can be minimized, further saving time and resources and speeding up security responses.

    Article Courtesy: Hikvision India

    About Hikvision
    Hikvision India is the leading video security solution provider. In addition to the security industry, the company extends its reach to smart home products and solutions, industrial automation, and robotics to achieve its expansion plan. Driven by the ‘Make- in-India’ vision, the company manufactures a wide range of video surveillance products at its state- of-the- art manufacturing facility near Mumbai.

    Related Stories

    Policy Regulation
    Industry leaders react positively to the interim budget 2024-25

    Industry leaders react positively to the interim budget 2024-25

    The Interim Budget also contained a number of announcements and strategies indicating directions and development approach for making India Viksit Bharat by 2047. Here are the reactions from the indu..

    Read more
    Automation & Robotics
    From quantum leap to space age innovations, Capgemini unveils top 5 tech trends

    From quantum leap to space age innovations, Capgemini unveils top 5 tech trends

    While GenAI will remain a highly discussed topic in the upcoming year, Capgemini anticipates that other key technologies will also mature or experience breakthroughs in 2024.

    Read more
    Automation & Robotics
    From quantum leap to space age innovations, Capgemini unveils top 5 tech trends

    From quantum leap to space age innovations, Capgemini unveils top 5 tech trends

    While GenAI will remain a highly discussed topic in the upcoming year, Capgemini anticipates that other key technologies will also mature or experience breakthroughs in 2024.

    Read more

    Related Products

    Fire Alarm Sysytem

    INDUSTRIAL SAFETY & SECURITY SYSTEMS

    Nayakson Security Systems is offering a range of fire alarm, intrusion alarm and gas alarm systems.


    Read more

    Request a Quote

    Push Button Safety Quick Release Coupling

    INDUSTRIAL SAFETY & SECURITY SYSTEMS

    Siemag introduces the all new push button safety quick release couplings. Read more

    Request a Quote

    Surgical Sterile Gloves

    INDUSTRIAL SAFETY & SECURITY SYSTEMS

    Rising Sun Enterprises is a manufacturer and wholesaler of a wide range of surgical sterile gloves.

    Read more

    Request a Quote

    Hi There!

    Now get regular updates from IPF Magazine on WhatsApp!

    Click on link below, message us with a simple hi, and SAVE our number

    You will have subscribed to our Industrial News on Whatsapp! Enjoy

    +91 84228 74016

    Reach out to us

    Call us at +91 8108603000 or

    Schedule a Call Back