Physical security and cybersecurity have long been separate functions, often run by independent departments within an organization. And for decades, there wasn't much of a need to bring them closer together. But those silos, and a lack of regular and effective communication, make it difficult for these two teams to have a holistic view of the many threats targeting their enterprise.
This puts organizations especially at risk in today’s ever-evolving threat landscape, where cyber-physical risks have significantly increased in frequency, sophistication, speed and scope. As such, businesses are now faced with a larger attack surface.
To ensure the highest level of protection possible, it’s in every organization’s best interest for their physical security leaders and teams to engage and collaborate closely with their cybersecurity partners.
One of the most obvious barriers to effective communication is that the physical and cyber teams often speak different languages. Cybersecurity team members often come from very technical backgrounds with industry-specific terminology and protocols. On the other hand, physical security leaders and their staff typically have expertise in law enforcement and/or corporate security.
Also, their definitions of risk are different. For someone in the physical security space, it's easier to visualize and grasp the ramifications of an accident or an extreme weather event. But for someone who doesn't speak the language and hasn't worked in cybersecurity, it can be more challenging to understand the impact of a cybersecurity attack and how it might be relevant to their area of responsibility.
While many organizations have acknowledged the need for better cooperation and communication between their physical and cyber teams, it’s still a challenge some security organizations are wrestling with. Here are some common sense recommendations you can take into consideration.
No. 1: Get to know each other
A starting point for both functions is to get to know each other’s team members. It’s possible that when the cyber and physical security departments are working in complete silos—especially at a large enterprise—they haven’t found a chance to meet and know the key players. It’s pretty hard to collaborate and form a genuine partnership if you don't know one another.
No. 2: Understand each team’s responsibilities and challenges
Create a baseline of cybersecurity awareness, intelligence and understanding throughout your organization. This doesn’t stop at the leader or manager level—but it’s where it has to begin.
That’s not to say physical security leaders should become cyber experts, but it's crucial to develop general knowledge about the challenges your cybersecurity colleagues are facing and the CISO’s top-of-mind priorities and concerns.
No. 3: Maintain regular, productive communication
There should then be a standard, disciplined routine of communication and coordination, through meetings and check-ins. More importantly, security leaders on both teams need to communicate frequently to maintain real-time situational awareness. Do you have enough information on a day-to-day basis to stay ahead of emerging risks? What are some of the most critical vulnerabilities being exploited by cyber criminals that can affect your physical security, and vice versa?
No. 4: Collaborate to prepare for future threats and strengthen security posture
When there is not an active risk, it’s imperative that the physical and cyber teams work together to prepare for future threats.
Role-playing via tabletop exercises will most often prove useful. You should also conduct assessments of past risk incidents, where there was a cyber-physical convergence. Then ask yourself the following questions:
When exercising these four steps, it’s important to remember two things: 1) that these types of conversations must happen on a consistent basis and 2) that the onus to learn and drive the changes can’t be one-sided.
Beyond implementing and following procedures to remove silos, it’s even more important for physical security leaders to form a sense of trust with their cyber partners, knowing they can and should rely on each other in times of crisis.
Senior management must be the ones to spearhead a cultural shift that cultivates and pushes inclusivity forward to bring these two teams together. That includes senior leadership, such as the CIO, CSO or CEO, communicating to the rest of the organization that this is a priority.
In addition, senior leadership needs to provide adequate resources, bandwidth and opportunities for both security teams to collaborate. On most days, employees on these teams are inundated with information and tasks, making it difficult for them to set aside time and allocate their own resources to learn from the analysis and insights generated by the other team.
As cyber-physical risks and events are rapidly increasing, it’s even more challenging for the two security functions to keep track of every single incident or emerging risk. This is where real-time information becomes a beneficial tool.
Real-time information allows physical and cyber security leaders to gain situational awareness about high-impact incidents as they unfold, and discern their potential impact. Leaders can also use the data to detect signs of any converging impact in real time, communicate with each other and deploy their resources to respond accordingly.
Download Research Report: Risk in a Real-time World
Ultimately, the worst scenario for any security team—in both cyber and physical environments—is to have delayed reactions to a risk or event and then find a way to recover from it. It is real-time information and contextual awareness that will help you stay ahead of threats, swiftly coordinate and make more informed decisions as you respond.
Learn how organizations like yours use Dataminr Pulse to detect the earliest indications of high-impact events, threats and other business critical information so they can respond with speed and confidence.
Nate Green is a Senior Product Marketing Manager and Cyber Risk Subject Matter Expert at Dataminr, where he leads go-to-market efforts for Dataminr Pulse cybersecurity and dark web content. Prior to Dataminr, Nate held various cybersecurity roles in the national security sphere. He holds a master’s degree from Georgetown University's Walsh School of Foreign Service.