[BreachExchange] The physical key to cybersecurity

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 5 20:55:55 EDT 2018


http://www.securityinfowatch.com/article/12419422/the-physical-key-to-cybersecurity

Network connectivity is changing the way that businesses operate. While the
fast communication, higher level of integration, and better capabilities of
the network bring many benefits to an organization, they also come with the
added risk of hacking. There are many ways that a hacker with access to
your data can create havoc: data theft or corruption, ransomware, and
corporate espionage are all major security threats. For any business,
protecting data is a top priority—whether it’s business data critical to
your operations or customer data that could leave you liable if stolen. For
this reason, cybersecurity is a high priority for any enterprise today.

The damage from any variation of hacking can be catastrophic. Lawsuits
brought by customers unhappy with their data being leaked can be costly,
and the lost business when your reputation takes a hit as your security
vulnerabilities are exposed can also make it difficult to recover. Should
another business corrupt or steal your data, they may gain a competitive
edge. And a hacker with political or other motives may simply lay waste to
your data, forcing you to spend resources and time in an attempt to
reconstruct what little may be left.

Preparation in advance of any attack—both to try to prevent hacking, and to
be adequately prepared should hacking still occur—can determine how well
you recover. Many businesses aren’t fully prepared to prevent or handle a
cyber-attack. A commonly held belief is that hacks can only come from the
outside, and businesses tend to focus their efforts on different forms of
digital cybersecurity, such as firewalls, encryption, and more, to prevent
these.

But while these digital protections are an important part of a
cybersecurity plan, they do not protect from all possible angles of attack.
Defending your operations and reputation requires a holistic cybersecurity
plan, and physical security has become an increasingly important factor in
protecting your network and data.

Sophisticated hackers are finding new ways to take advantage of physical
security deficiencies to enact damaging cyber-attacks on organizations.
There have been notable recent examples of physical security being used as
the main access point for hackers looking for network and data access.

The infamous 2014 hack on Sony Pictures was perpetrated by a group who
claimed that they were able to access the movie studio's computer systems
because the studio failed to lock its physical doors. The group then stole and
leaked data including personal information on employees, information
regarding salaries, copies of unreleased films, intra-office emails, and a
variety of other confidential information. They also released demands
regarding an upcoming film that resulted in the film’s planned theatrical
release being temporarily cancelled. The studio’s reputation was
dramatically impacted, and the studio was compelled to set aside $15
million to deal with the subsequent damages. In the wake of the attack,
they strengthened both their cyber and physical security systems.

The fact is that the simplest way for hackers to access your network is
through a physical device that already has access, or through an on-site
device. A hacker can break (or simply walk) into your facility and plug
into an unprotected Ethernet port, or steal a company laptop or server, to
access your network and any unprotected data without having to hack through
most of the cybersecurity in place on your network. For this reason,
physical security, including key control and key management, has become not
only essential for protecting a business’ physical assets and employees,
but also a critical component of cybersecurity.

Today’s key control systems are equipped to control access to sensitive
areas, and can play an integral role in preventing hacks from unwanted
visitors. A simple PIN, biometric scan, or ID card scan will give employees
access to their designated keys and only those keys – noting within the
system what key was accessed, when, and by whom. The system can send alerts
to physical security or other personnel if an unauthorized attempt is made
to access a key or to breach the key cabinet by force, or if a key isn’t
returned by a designated time.

Key control can easily limit access to any part of your enterprise,
including server rooms and cages, all while providing detailed logs and
reports for management to review, should an incident occur. What’s more,
leading key control systems can even integrate with your existing access
control system for better usability and reduced setup time.

Limiting or controlling access with an efficient and secure key management
system can provide the crucial physical layer to a holistic cybersecurity
plan. With these tools at hand, your physical security team is
well-equipped to become an essential part of your cybersecurity program.
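
The three alert conditions described above (an unauthorized key request, a forced cabinet breach, a key not returned in time), sketched as a review pass over a key-cabinet audit log. This is an added example, not part of the original article and not any vendor's code; the event format, user and key names, and the 8-hour loan window are assumptions made up for illustration.

```python
from datetime import datetime, timedelta

# Constructed policy (assumption): keys each user may draw, and the loan limit.
AUTHORIZED = {"alice": {"server-room"}, "bob": {"loading-dock"}}
MAX_LOAN = timedelta(hours=8)

# Constructed audit events: (ISO timestamp, user, key, action).
EVENTS = [
    ("2018-07-02T08:00:00", "alice", "server-room", "checkout"),
    ("2018-07-02T09:15:00", "bob", "server-room", "checkout"),
    ("2018-07-02T12:00:00", "alice", "server-room", "return"),
    ("2018-07-02T13:00:00", "bob", "loading-dock", "checkout"),
    ("2018-07-02T23:30:00", "-", "-", "cabinet_forced"),
]


def review(events, now):
    """Return (kind, timestamp, user, key) alerts for the three conditions."""
    alerts, on_loan = [], {}
    for ts, user, key, action in sorted(events):  # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        if action == "cabinet_forced":
            alerts.append(("forced_breach", ts, user, key))
        elif action == "checkout":
            if key not in AUTHORIZED.get(user, set()):
                # Request is treated as denied: the key stays in the cabinet.
                alerts.append(("unauthorized_attempt", ts, user, key))
            else:
                on_loan[key] = (when, user)
        elif action == "return":
            on_loan.pop(key, None)
    # Keys still out past the loan window at review time.
    for key, (when, user) in sorted(on_loan.items()):
        if now - when > MAX_LOAN:
            alerts.append(("overdue_key", when.isoformat(), user, key))
    return alerts


if __name__ == "__main__":
    for alert in review(EVENTS, datetime(2018, 7, 3, 6, 0)):
        print(alert)
```

Each alert keeps the who, what and when from the log entry, which is the detail an incident review of a server-room entry would need.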