Enterprise-Wide Risk Management: Bridging Physical and Cyber Protection
According to data from the University of Maryland, hackers attack computers and networks at a “near constant rate" of one attack every 39 seconds. PwC found that companies with over 5,000 employees experienced a meaningful crisis every year. Unfortunately, this is the new normal: today's increasingly digital organizations face a broad range of complex risks, and nobody is immune from an attack.
By 2021, Cybersecurity Ventures predicts that global cybercrime will cost $6 trillion annually. However, the damage goes far beyond the immediate financial impact.
Attacks cause damage to enterprise infrastructure, both in the online and physical worlds, and to third parties such as suppliers and customers. They also attract the attention of government regulators. With these facts in mind, prevention and the preemptive risk management must be top of mind for professionals in every industry sector.
Physical and Cyber Security: Two Sides of the Same Coin
As threats from the cyber and physical realms become increasingly prevalent and complex, enterprise security teams must arm themselves with an integrated approach to security operations—one that incorporates cybersecurity, physical security and advanced technologies such as artificial intelligence (AI) and machine learning.
One example that portrays how the cyber world affects physical security involves the hacking of a dam control system in New York in 2016. At the time of the incident, the dam control system was offline for repairs. Had the system been online, the hackers could have operated the floodgate remotely, potentially causing severe flooding during a period of intense rain. The United States Department of Justice implicated seven Iranians for their role in the attack.
As this attack and countless others show, silos between security teams must be eliminated, allowing physical and cybersecurity teams to work in tandem to identify problems as they arise and before they become a crisis. The convergence of these teams, strategies and frameworks can also break down silos within the wider organization to enhance operational excellence, while improving organizational communication and alignment.
The Role of Real-time Information
Synchronizing physical and cyber teams allows for a more cohesive strategy in fighting information leaks, internal threats, cybercrime and physical crime. In simple terms, the responsibility for protecting the enterprise must be shared beyond the confines of the IT or physical security department.
The March 2019 ransomware attack on Norsk Hydro, one of Europe's leading aluminum producers, underscores the importance of real-time information. News of the attack first appeared on social media when someone noticed the company's website was down.
The attack caused Norsk Hydro's network to fail, resulting in a loss of approximately $50 million. As soon as observances of the attack surfaced, Norsk Hydro relied on tools to distill information from social media and send real-time alerts that identified the version of ransomware. This enabled companies in every business sector to quickly learn how their own systems could be compromised.
Having access to real-time information enables professionals to be better informed and mobilize quickly against emerging threats. Moreover, enterprise tools allow for all relevant teams to have access to the same breaking information, which increases cohesiveness and unity across the enterprise.
Presenting a United Front
The misalignment between physical and cybersecurity teams can create gaps in the overall security framework of an organization. Enterprises must adopt a cohesive, unified and integrated approach to mitigate the unique risks posed by today's interconnected world.
In order to create a unified security framework, enterprises must update legacy systems, such as supervisory control and data acquisition systems designed to gather and analyze data in real time. Furthermore, organizations should encourage information sharing across the enterprise for increased efficiency and more robust communications.
Along those lines, organizations should embrace the use of publicly available information for its speed and ability to uncover actionable insights. Organizations should consider a wide variety of available datasets to enhance their security technology stacks, increasing the chances of catching a breach, threat or attack in its earliest stage. Systems enabled with holistic pattern recognition can spot suspicious or abnormal behavior quickly. Organizations should also institute an alerting system that can automate initial security decisions and evaluate risk.
Advanced technologies and publicly available information can help elevate the security technology stack's prominence and capabilities, while increasing visibility into cyber events as they unfold. This increased awareness and efficiency ensures professionals are armed with the information they need to make necessary changes, and properly prepare and protect against unique, multidimensional threats.