Where cybersecurity and physical security meet

Data breaches are on the rise worldwide, and the energy sector is among the top five industries targeted most often for hacking and ransomware attacks. While some breaches are caused by weaknesses in an organization’s virtual perimeter that allow hackers to exploit software vulnerabilities, a growing number sneak through connected IoT/IIoT (Internet of Things/Industrial Internet of Things) devices. That figure was more than 112 million in 2022.

Security cameras, access control readers, and other devices that make up physical security systems are likewise often overlooked as a source of vulnerability. With physical security devices of the past, like perimeter fences and door locks, the approach was ‘install what you need and let it do its job.’ As security technology advanced, this mindset persisted. Even as organizations began implementing IP-based technology and IoT devices, they didn’t always think about how these assets might make their networks vulnerable. In some instances, even though a physical security system resides on an organization’s network, it is managed by corporate security instead of the IT department. 

Physical security and information security are linked. There’s no difference in the result whether a hacker accesses an organization’s network physically, or through a video surveillance camera, a piece of HVAC equipment, or an employee’s laptop. As cyber threats grow, physical security and IT must work together to safeguard network infrastructure.  

Unifying physical and cybersecurity

A unified IT-and-physical-security team can develop a comprehensive security program based on a common understanding of risk, responsibilities, strategies, and practices. First, the team should conduct a current posture assessment to identify devices of concern.

• Create an inventory of all network-connected cameras, door controllers, and associated management systems, identify their functions and confirm their…