Cyber & Physical Workplace Security Gaps – What You Need to Know

Digital technology should do more to prevent physical break-ins because once an attacker gains access to your hardware – it’s game over. Implementing robust access control systems, visitor management systems, and alarm systems is a crucial part of any workplace security plan. Security guards can also play a vital role in preventing cyberattacks and data breaches. However, these are only effective when they are integrated into a comprehensive workplace safety plan that encompasses both cybersecurity and physical security.

How Attackers Exploit Cyber & Physical Security Gaps to Wreak Havoc on Infrastructure

What we’ve learned in recent years is that criminals took advantage of empty workspaces to do the old-fashioned break-and-enter, completely bypassing border protections on the network. It is alarming how securing physical spaces has been overlooked in favor of cyber defense when the smart play is the convergence of both. Ensuring employee safety against potential risks is as important as protecting against cyberattacks.

Digital technology should do more to prevent physical break-ins because once an attacker gains access to your hardware, it’s game over. As anyone well knows, security breaches in the work environment can lead to significant security issues. Here’s how attackers exploit the cyber and physical gaps in your security to wreak havoc on your infrastructure, according to Resolver.

 

Examples of Physical Threat Vectors Compromising Digital Security

  • An infected USB drive is planted in the office; an employee picks it up and loads it onto the network. This highlights the importance of workplace safety and the need for effective security measures. Training employees on recognizing and reporting such potential threats is crucial. Data protection and information security should be a top priority in any workplace security policy.

  • An attacker breaks into a server room and installs rogue devices that capture confidential data. This is a clear example of the need for access control in sensitive areas. On-site security guards can provide an additional layer of protection. Office security measures should be designed to address these potential risks.

  • The internet drop line is accessible from outside of the building, allowing an attacker to intercept data or cut the line completely. This is a potential security breach that can be mitigated by implementing proper access control systems and security measures against natural disasters. Data protection measures should be included in the workplace security plan.

  • An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together. This is a common security threat that can be addressed by educating employees about workplace safety and the importance of access control systems. Regular training sessions can help employees recognize such security issues.

  • An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system. This is a security breach that can be prevented by implementing strict access control measures and conducting regular security training. Protecting sensitive information should be a top priority in any workplace security policy.

  • An attacker sends a small device through the mail, the size of a business card, to transmit signals that compromise your network. Security experts call this tactic “warshipping.” This is a security threat that can be mitigated by implementing effective security measures and protecting sensitive data. Training sessions can help employees recognize and report such potential risks.

 

Examples of Physical Attacks Enabled by Cybersecurity Gaps

  • An attacker shuts down internet-connected security cameras or deletes their footage, allowing a break-in to go undetected. This is a security breach that can be prevented by implementing robust access control systems and alarm systems. Office security measures should be designed to address these potential risks.

  • The internet-facing keycard access system is compromised, allowing an attacker to grant or remove physical access to the building. This is a clear example of the need for access control in workplace safety. Regular security training can help employees recognize such security risks. A robust visitor management system can help prevent such security issues.

  • Network-connected manufacturing systems can be attacked and shut down, causing loss of productivity or a safety incident. This is a security threat that can be mitigated by implementing effective security measures and protecting sensitive information. Data protection should be a top priority in any workplace security plan.

  • CPU-intensive malware can be loaded onto a server cluster which spikes power consumption, resulting in overheating, brownouts, or a total loss of power. This is a security breach that can be prevented by implementing robust access control systems and alarm systems. Office security measures should be designed to address these potential risks.

  • Ransomware on a hospital network can prevent physicians from accessing patient records and delivering necessary care. This is a security threat that can be mitigated by implementing effective security measures and protecting sensitive data. Data protection and information security should be a top priority in any workplace security policy.

 

Physical Threats Enabled by Digital Security Vulnerabilities

Interconnected and cloud-based security systems have caused some organizations to unknowingly expose themselves to risk. Because these organizations have opened their controls up to network-based attacks, attackers are able to remotely disable physical controls and gain physical access to systems containing confidential data. Security guards and alarm systems can provide an additional layer of protection. Office security measures should be designed to address these potential risks.

This type of digital attack is usually aimed at industrial and manufacturing operations, where network-connected Industrial Control Systems and Programmable Logic Controllers govern automated manufacturing. Protecting these systems from cyberattacks is as important as ensuring workplace safety. Data protection should be a top priority in any workplace security plan.

While these systems have traditionally been in closed-circuit configurations, the rise of automation and software-defined processes has pushed these systems onto corporate networks – or, in the worst cases, onto the worldwide web!

When an attacker can gain control of machines weighing thousands of pounds, improper use of those machines could cause incredible destruction and endanger human lives. Employee safety should always be a priority. Training sessions can help employees recognize and report such security issues.

 

The Best Defense Is Convergence

Physical and cybersecurity convergence brings together networks, applications, security systems, and people doing practical things to secure both environments. Below are recommendations for securing the physical and cyber world through the convergence of tried-and-tested analog mechanisms and digital automation:

  • When feasible, don’t connect your physical security controls to a network or cloud, and especially not to the public internet. Obviously, this is going to come at a cost of convenience and functionality but if your buildings don’t require a complex network-based access system, don’t implement one.

  • If your cameras don’t need to be accessible from outside the building, don’t put them on the internet; if only a few people ever need to access the server room, consider locking it with a traditional key or combination-lock pad rather than a badge system that could be compromised.

  • Create and enforce a policy requiring employees to take their laptops home every night. This strategy will reduce the likelihood of both theft and unauthorized access, as well as minimizing impact in the event of an overnight disaster at the office.

  • If your business is in manufacturing or industrial markets, heavily scrutinize and evaluate plans to connect equipment to a network prior to execution. Ensure that any business case for doing so will outweigh the considerable risk of putting these systems on a network.

  • When performing risk assessments and control designs, always factor in a scenario where an attacker has gained physical access to the building and is standing in front of the system or device. How will you stop them from causing real damage?

  • Disabling unused ports, locking servers into racks (and the racks bolted to the floor), MAC address whitelisting, and wireless site surveys don’t require much effort and will go a long way in adding another layer of defense.

  • Implement multi-factor authentication (MFA) wherever it’s reasonable to do so. This includes WiFi connections (or 802.1X for hardwired devices), accessing email from outside the building or on a new device, and logging in to production systems, both on-premises and in the cloud. Even if an attacker gains physical access to the building and boots up a computer, MFA will prevent them from logging into the system, and in a best-case scenario, will generate an alert that can be forwarded to the security response team.

  • Equip spaces with intrusion detection systems that can sound the alarm on malicious entry. Alarm systems are a crucial part of any security plan.

  • Innovative mail screening technology provides scalable, safe screening and greater visibility into more minor threats in a workplace. Training employees to recognize and report such potential threats is crucial.
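The recommendation above on disabling unused ports and MAC address whitelisting can be checked routinely rather than set once. The following is an added example, not part of the original article: it audits a snapshot of switch port state against an allowlist. The `PortState` record, the port names, and all sample data are hypothetical and constructed for illustration; in practice the snapshot would come from your switch's management interface.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PortState:
    port: str
    admin_up: bool   # port is administratively enabled
    link_up: bool    # something is plugged in and has link
    macs: tuple      # MAC addresses learned on the port

def normalize(mac):
    """Canonicalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(ports, allowlist, in_use):
    """Return (port, finding) tuples.
    allowlist maps port -> allowed MACs; in_use is the set of ports meant to be in service."""
    findings = []
    for p in ports:
        allowed = {normalize(m) for m in allowlist.get(p.port, ())}
        seen = {normalize(m) for m in p.macs}
        if p.port not in in_use:
            if p.admin_up:
                findings.append((p.port, "unused port is not disabled"))
            if p.link_up:
                findings.append((p.port, "link up on a port that should be unused"))
        for mac in sorted(seen - allowed):
            findings.append((p.port, f"MAC {mac} not on allowlist"))
        if len(seen) > 1:
            # More than one address behind an access port suggests a hub or inline device.
            findings.append((p.port, "multiple MACs on one port"))
    return findings

# Constructed sample data (hypothetical ports and addresses).
SAMPLE_PORTS = [
    PortState("Gi1/0/1", True, True, ("AA-BB-CC-00-00-01",)),
    PortState("Gi1/0/2", True, True, ("aabb.cc00.0002", "02:00:00:00:00:99")),
    PortState("Gi1/0/3", True, False, ()),    # unused but left enabled
    PortState("Gi1/0/4", False, False, ()),   # unused and disabled: clean
]
SAMPLE_ALLOW = {"Gi1/0/1": {"aa:bb:cc:00:00:01"}, "Gi1/0/2": {"aa:bb:cc:00:00:02"}}
SAMPLE_IN_USE = {"Gi1/0/1", "Gi1/0/2"}

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_PORTS, SAMPLE_ALLOW, SAMPLE_IN_USE):
        print(f"{port}: {finding}")
```

MAC addresses can be spoofed, so an allowlist check like this is one layer alongside 802.1X and physical port controls, not a replacement for them.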

 

Bridging The Gap Between Physical & Cyber Security

A well-integrated security architecture connects the physical and cyber worlds through intelligence sharing, visibility, control, and automation. Protect your organization from malicious intruders, both virtual and physical, and ensure that your infrastructure is not compromised. Security training plays a vital role in this process. A comprehensive workplace security plan should be a top priority for any organization.
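One concrete form of the intelligence sharing described above is to correlate badge-reader events with on-site console logins, so that a login by someone the building never saw enter raises an alert. The following is an added example, not part of the original article; the log layouts, user names, and host names are hypothetical and the sample events are constructed.

```python
from datetime import datetime, timedelta

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def presence_at(badge_events, user, when, max_age=timedelta(hours=12)):
    """True if the user's latest badge event at or before `when` is an entry no older than max_age."""
    last = None
    for ts, who, direction in badge_events:
        t = parse(ts)
        if who == user and t <= when and (last is None or t >= last[0]):
            last = (t, direction)
    return last is not None and last[1] == "in" and when - last[0] <= max_age

def correlate(badge_events, logins, onsite_hosts):
    """Return alerts for console logins on on-site hosts with no matching badge-in."""
    alerts = []
    for ts, user, host, kind in logins:
        if kind != "console" or host not in onsite_hosts:
            continue  # remote sessions are covered by other controls such as MFA
        if not presence_at(badge_events, user, parse(ts)):
            alerts.append((ts, user, host, "console login without badge-in"))
    return alerts

# Constructed sample events: (timestamp, user, direction) and (timestamp, user, host, kind).
BADGES = [
    ("2024-03-04T08:02:11", "alice", "in"),
    ("2024-03-04T17:31:40", "alice", "out"),
    ("2024-03-04T08:15:00", "bob", "in"),
]
LOGINS = [
    ("2024-03-04T08:10:05", "alice", "ws-014", "console"),    # badged in: fine
    ("2024-03-04T22:47:19", "alice", "ws-014", "console"),    # after badge-out
    ("2024-03-04T09:00:00", "carol", "srv-rack2", "console"), # never badged in
    ("2024-03-04T23:05:00", "bob", "vpn-gw", "remote"),       # not a console login
    ("2024-03-04T10:00:00", "bob", "ws-020", "console"),      # badged in: fine
]
ONSITE = {"ws-014", "ws-020", "srv-rack2"}

if __name__ == "__main__":
    for alert in correlate(BADGES, LOGINS, ONSITE):
        print(alert)
```

An employee who was let in by a colleague holding the door will also trigger this alert, which is itself a useful signal that the badge policy is being bypassed.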


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
