Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Why cybersecurity should be your physical security priority

And how to apply this knowledge to your enterprise at scale

By Bud Broomhead
physical-security-cyber-fp1170x658v40.jpg

Image by rawpixel.com via Freepik

September 9, 2022

Too often, chief security officers (CSOs) look at their role through two separate lenses: physical security and cybersecurity. The policies and programs for physical security systems differ drastically from those required for cybersecurity.  

And, yes, most CSOs are aware that protecting physical facilities and assets helps prevent cyber breaches, and this logic also works inversely. A recent study by IBM shows that in 2022 the cost of a cyber breach is now over $4M per incident; combine that with data from Palo Alto Networks showing that IP cameras are the most vulnerable enterprise devices, and it’s clear that CSOs have an imperative to focus on both physical and cybersecurity.  

Applying the proper cybersecurity practices to physical security systems provides organizations a host of new benefits, including increased overall security with enhanced operational and cost efficiencies. Siloing an organization’s cybersecurity and physical security only creates more risk.  

Take, for example, the securing of IoT and networked edge devices. Most enterprises have strict corporate policies and compliance requirements for end-point devices and servers. Every time a new computer or software is connected to the network, strict cyber-hygiene guidelines follow, including frequent software and firmware updates, strong password creation and rotation, backups, and other simple cybersecurity practices.

These practices are a mainstay across almost all enterprises, but unfortunately, most enterprises do not extend these same policies and practices to edge devices residing on physical security networks. Given that today’s physical security systems are made up of thousands of edge and IoT devices, cybercriminals can potentially utilize thousands of vulnerable entry points to compromise an enterprise. Unless an explicit exemption is given, all physical security devices should be maintained and secured according to corporate governance policies.  

Truth be told, companies are less adept at securing peripheral IoT devices than they are at securing physical spaces or the network itself. Not only does this fact impact an organization’s cyber and physical security posture, it could also impact its cybersecurity insurance policy.

If a vulnerable physical security system is found to be the source of a cybersecurity breach and is not maintained appropriately with firmware updates and password rotations, cyber insurance claims can potentially be denied. This means if a bad actor exploited a network using a default password or out-of-date firmware traced to a physical security device, the burden of responsibility might lie solely on the enterprise. The cost of such a breach could be well into the millions, not including excluding the cost of lost stakeholder trust and reputation.

As cybersecurity insurance claims rise, comprehensive coverage has become harder to obtain. Premiums are rising, documentation requirements have exploded, and organizations have less protection than in the past.

Cyber insurance policies must be renewed yearly and will soon likely account for the changing physical security and IoT landscape in making policy decisions. That is why cybersecurity insurance should not be relied on as a reason to skimp on proper cyber-hygiene practices. It is up to the enterprise to adopt and create proper security protocols to protect its digital and physical assets.

One challenge in creating and deploying such policies is that they must be done at an enormous scale. Today, networked door locks and security cameras incorporate processors and operational firmware that needs to be tracked, managed, and updated to maintain proper cyber hygiene. It is not uncommon for large enterprises to have hundreds to thousands of these devices, far surpassing the number of computers and servers most CSOs are accustomed to managing.

Maintaining the cyber-hygiene for potentially thousands of devices is virtually impossible for even the most experienced security teams. Luckily, many automated solutions are available to help manage, secure, update firmware, ensure device password compliance, and provide IoT device certificates at scale.

Innovative IoT security platforms provide vulnerability scanning, device classification, remediation, and repatriation at scale, allowing organizations to quickly identify and fix cybersecurity vulnerabilities within minutes, not months.

For example, certificate-based network access control (NAC) is critical to keeping the right IoT devices online. It would take an inordinate amount of time for security teams to manually verify and update every certificate for every networked device. Automated device certificate managers deliver centralized life cycle management for 802.1x, TLS, and OPC-UA certificates for all devices. With a click of a button, the technology validates certificate presence, age, and validity and updates and manages certificates on virtually any number of IoT and security devices anywhere.

The same is true of device firmware updates. Updating a device’s firmware is an important cyber-hygiene practice that often goes overlooked since doing so manually is a tedious, manual, and complex effort, especially when an organization has deployed different devices from multiple vendors. An automated device firmware manager identifies which connected IoT devices require firmware updates and will automatically update the firmware if necessary. Secure “chain-of-trust” methods ensure that the firmware being updated is from a trusted, uncorrupted source. 

Lastly, default and enterprise-wide passwords provide the simplest path to hacking any IoT device. And just as employees have passwords for their computers, physical security devices should not be exempt. Innovative password management technology provides a viable, automated approach to verify that strict password policies and compliance requirements are being met for all distributed devices.

Such a solution verifies IoT devices are not using default or commonly used passwords, which are a proven network vulnerability to cyberattacks. Furthermore, automated password verification helps ensure compliance with many standards, including PCI, NERC, NIST, etc., ensuring that surveillance networks cannot be compromised because of lenient password standards.

It is also important to note trending discussions on the liabilities associated with cybersecurity breaches. In fact, Gartner predicts that 75% of CEOs will be personally liable for cyber-physical security incidents by 2024.

This is cause for concern in C-suites across all businesses and organizations that should also be resonating loudly within all professional security circles. Excuses related to overburdened operations and budgets, lack of technical know-how, and/or ignorance of the law will simply not be sufficient anymore — not when your CEO’s neck is on the line and you’re responsible for protecting it.

This is a new and compelling incentive to resolve the longstanding and emerging challenges CSOs and CISOs face to better secure professional security and enterprise networks.

The good news is that there are automated IoT security technologies that do the very thing that CSOs wish they could do but are unable to — apply an enterprise’s cybersecurity policies to physical security devices at scale.

These automated security solutions help tangibly merge cyber and physical security, providing a holistic approach to security wherein physical security protects cyber assets and vice versa. This leads to improved costs and operational efficiencies, reduced exposure to organizational and personal liabilities, reduced cyber breaches, fewer disruptions to physical security operations, compliance with cybersecurity insurance requirements, and more.  


This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: Chief Security Officer (CSO) cyber insurance cybersecurity physical security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bud Broomhead is CEO of Viakoo

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Person holding large ball of twine

Preventing Burnout in The Security Industry

Harrods

Harrods’ Cyberattack: Cybersecurity Leaders Weigh In

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • business-risk-management.jpg

    Why cyber risk assessments should be a part of your business strategy

    See More
  • Hand points to cell phone

    Why mobile credentials should be part of your access control program

    See More
  • video-conference-freepik006785.jpg

    Standardizing video conferencing security guidelines should be a top government priority

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!