The spotlight placed on cybersecurity is growing wider, shining brighter and continuing to permeate global conversations. Most recently it earned a top spot on the agenda of the 2021 Geneva Summit at the behest of U.S. President Biden and Russian President Putin. Given that the number of ransomware attacks increased by almost 150 percent in March of last year and the first half of 2021 saw a 102 percent increase in ransomware attacks, the widespread concerns are legitimate.
Cybersecurity failures are increasingly leading to serious high-stakes ramifications in the physical world, where both critical infrastructure and people’s lives are at risk. Take for instance the 2021 water plant hack in Florida. A network breach quickly turned into a physical attack that threatened to poison a city’s water supply with dangerous levels of lye.
Despite that, many organizations continue to operate their cyber and physical security teams as distinct, standalone disciplines with little to no collaboration on managing risks.
What’s the solution? As cyber-physical threats become more pervasive, ensuring the two teams can establish formal means and standards of collaboration is now a strategic business imperative. The result, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is cyber and physical security functions that are more resilient and better prepared to identify, prevent, mitigate and respond to threats.
Traditionally, organizations have kept their physical and cyber security operations independent of one another. That’s partly due to the relative age of each practice. Physical security has a long history, while cybersecurity is comparatively new.
But thanks to the increased use of IoT and IIoT devices, the number of systems moving to the cloud, and the proliferation of social media and smart devices, the need for security convergence across industries is greater than ever.
Some examples of cyber-physical risks are more evident, such as the aforementioned attack on Florida’s water treatment plant or the May 2021 ransomware attack on the Irish healthcare system, which led to a systemwide IT shutdown that created a real and imminent threat to patients.
Other examples are not as readily apparent, yet still pose significant risks. One is the recent rise in the number of attacks on Internet-connected industrial control systems (ICS), especially those that run critical infrastructure, from water treatment and gas plants to trains and traffic light systems. In some cases, hackers exploit security gaps in access controls to facilities, allowing them to install malware that compromises an organization’s entire network. Remote access software used to control ICS and heating, ventilation and air conditioning systems is also a common entry point for attacks that affect both the cyber and physical domains.
Forward-thinking organizations are increasingly blending their cyber and physical security teams to improve their overall security posture. However, the merging of the two is not yet the prevalent model for security operations.
Some experts warn that having siloed teams opens businesses up to operational blind spots and a weaker security posture. For instance, when a new threat emerges, oftentimes security practitioners focus only on their area of responsibility with little knowledge of what is happening on the other side of the house—preventing both cyber and physical security teams from having a holistic view of the potential threats.
Marrying the expertise of cyber and physical security leaders and teams can be challenging. Often, there is a cultural and skills divide between the two, which leads them to look at the world very differently. Those differences can result in poor communication and sometimes outright miscommunication, two of the biggest problems facing organizations that have yet to develop strong processes to drive collaboration across these two critical teams.
There are also logistical barriers to consider, as well as a lack of understanding at the senior leadership level as to why security convergence is no longer a nice-to-have—but a business imperative.
There are many benefits to having cyber and physical security teams work in close partnership:
While each organization will manage and respond to the increasing convergence of physical and cyber risks differently, real-time information is at the heart of their ability to do so. Organizations need to ensure all security teams have equal access to real-time data on emerging and potential risks, regardless of where or how the threat begins, and create a clear process for when and how to communicate that information and which stakeholders should receive it.
Identifying these cyber-physical events and risks as early as possible, as they occur and unfold, is critically important, which is why Dataminr’s corporate customers rely on Dataminr Pulse to detect the earliest signals of high-impact events and emerging risks.
When Colonial Pipeline was hit by a ransomware attack in May 2021, Dataminr Pulse alerted customers to related network issues one day prior to major media coverage. And Pulse continued to alert on the incident as it unfolded with the context needed for customers to make informed decisions.
As technology advances and becomes more integral to the ways in which we work and live, we can expect to see an increase in cyber-physical threats such as the Colonial Pipeline attack. To stay ahead of and effectively mitigate such risks, security leaders—no matter their area of expertise or focus—must be sure their teams work in tandem to counter threats and share information, tools, skills and resources.
Al Bowman is an Enterprise Account Manager at Dataminr. Before joining Dataminr, he designed, built and led Deloitte’s Intelligence Services Center in London. Prior to that, he served in the British Army, where his final role was as the Director of the Army’s global risk and intelligence center.