The physical key to cybersecurity

July 5, 2018
Though sometimes overlooked, physical security plays a crucial role in safeguarding data

Network connectivity is changing the way that businesses operate. While the fast communication, higher level of integration, and better capabilities of the network bring many benefits to an organization, they also come with the added risk of hacking. There are many ways that a hacker with access to your data can create havoc: data theft or corruption, ransomware, and corporate espionage are all major security threats. For any business, protecting data is a top priority—whether it’s business data critical to your operations or customer data that could leave you liable if stolen. For this reason, cybersecurity is a high priority for any enterprise today.

The damage from any variation of hacking can be catastrophic. Lawsuits brought by customers unhappy with their data being leaked can be costly, and the lost business when your reputation takes a hit as your security vulnerabilities are exposed can also make it difficult to recover. Should another business corrupt or steal your data, they may gain a competitive edge. And a hacker with political or other motives may simply lay waste to your data, forcing you to spend resources and time in an attempt to reconstruct what little may be left.

Preparation in advance of any attack—both to try to prevent hacking, and to be adequately prepared should hacking still occur—can determine how well you recover. Many businesses aren’t fully prepared to prevent or handle a cyber-attack. A commonly-held belief is that hacks can only come from the outside, and businesses tend to focus their efforts on different forms of digital cybersecurity, like firewalls, encryption, and more to prevent these.

But while these digital protections are an important part of a cybersecurity plan, they do not protect from all possible angles of attack. Defending your operations and reputation requires a holistic cybersecurity plan, and physical security has become an increasingly important factor in protecting your network and data.

Sophisticated hackers are finding new ways to take advantage of physical security deficiencies to enact damaging cyber-attacks on organizations. There have been notable recent examples of physical security being used as the main access point for hackers looking for network and data access.

The infamous 2014 hack on Sony Pictures was perpetrated by a group who claimed that they were able to access the movie studio's computer systems because they failed to lock their physical doors. The group then stole and leaked data including personal information on employees, information regarding salaries, copies of unreleased films, intra-office emails, and a variety of other confidential information. They also released demands regarding an upcoming film that resulted in the film’s planned theatrical release being temporarily cancelled. The studio’s reputation was dramatically impacted, and the studio was compelled to set aside $15 million to deal with the subsequent damages. In the wake of the attack, they strengthened both their cyber and physical security systems.

The fact is that the simplest way for hackers to access your network is through a physical device that already has access, or through an on-site device. A hacker can break (or simply walk) into your facility and plug into an unprotected Ethernet port, or steal a company laptop or server, to access your network and any unprotected data without having to hack through most of the cybersecurity in place on your network. For this reason, physical security, including key control and key management, has become not only essential for protecting a business’ physical assets and employees, but also a critical component of cybersecurity.

Today’s key control systems are equipped to control access to sensitive areas, and can play an integral role in preventing hacks from unwanted visitors. A simple PIN, biometric scan, or ID card scan will give employees access to their designated keys and only those keys – noting within the system what key was accessed, when, and by whom. The system can send alerts to physical security or other personnel if an unauthorized attempt is made to access a key or to breach the key cabinet by force, or if a key isn’t returned by a designated time.

Key control can easily limit access to any part of your enterprise, including server rooms and cages, all while providing detailed logs and reports for management to review, should an incident occur. What’s more, leading key control systems can even integrate with your existing access control system for better usability and reduced setup time.

Limiting or controlling access with an efficient and secure key management system can provide the crucial physical layer to a holistic cybersecurity plan. With these tools at hand, your physical security team is well-equipped to become an essential part of your cybersecurity program.

About the Author: 

Joe Granitto is the Chief Operating Officer for Morse Watchmans.