How attackers exploit the cyber and physical gaps in your security to wreak havoc on your infrastructure
What we’ve learned in the last two years is that criminals took advantage of empty workspaces to do the old-fashioned break-and-enter, completely bypassing the perimeter protections on the network. It is alarming how securing physical spaces has been overlooked in favor of cyber defense when the smart play is the convergence of both.
Digital technology should do more to prevent physical break-ins, because once an attacker gains access to your hardware, it’s game over. Here’s how attackers exploit the cyber and physical gaps in your security to wreak havoc on your infrastructure, according to Resolver.
Examples Of Physical Threat Vectors Compromising Digital Security
- An infected USB drive is planted in the office which an employee picks up and loads onto the network.
- An attacker breaks into a server room and installs rogue devices that capture confidential data.
- The internet drop line is accessible from outside of the building, allowing an attacker to intercept data or cut the line completely.
- An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together.
- An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system.
- An attacker sends a small device through the mail, the size of a business card, to transmit signals that compromise your network. Security experts call this tactic “warshipping”.
Examples Of Physical Attacks Enabled By Cybersecurity Gaps
- An attacker shuts down internet-connected security cameras or deletes recorded footage, allowing a break-in to go undetected.
- The internet-facing keycard access system is compromised, allowing an attacker to grant or remove physical access to the building.
- Network-connected manufacturing systems can be attacked and shut down, causing loss of productivity or a safety incident.
- CPU-intensive malware can be loaded onto a server cluster which spikes power consumption, resulting in overheating, brownouts, or a total loss of power.
- Ransomware on a hospital network can prevent physicians from accessing patient records and delivering necessary care.
Physical Threats Enabled By Digital Security Vulnerabilities
Interconnected and cloud-based security systems have caused some organizations to unknowingly expose themselves to risk. Once physical controls are reachable over a network, attackers can remotely disable them and gain physical access to the systems that hold confidential data.
This type of digital attack is usually aimed at industrial and manufacturing operations, where network-connected Industrial Control Systems and Programmable Logic Controllers govern automated manufacturing.
While these systems have traditionally been in closed-circuit configurations, the rise of automation and software-defined processes has pushed them onto corporate networks – or, in the worst cases, onto the worldwide web!
When an attacker can gain control of machines weighing thousands of pounds, improper use of those machines can cause enormous destruction and endanger human lives.
The Best Defense Is Convergence
Physical and cybersecurity convergence comprises networks, applications, and security systems, as well as people taking practical steps to secure both environments. Below are recommendations for securing the physical and cyber worlds through the convergence of tried-and-tested analog mechanisms and digital automation.
- When feasible, don’t connect your physical security controls to a network or cloud, and especially not to the public internet. Obviously, this is going to come at a cost of convenience and functionality, but if your buildings don’t require a complex network-based access system, don’t implement one.
- If your cameras don’t need to be accessible from outside the building, don’t put them on the internet; if only a few people ever need to access the server room, consider locking it with a traditional key or combination-lock pad rather than a badge system that could be compromised.
- Create and enforce a policy requiring employees to take their laptops home every night. This strategy will reduce the likelihood of both theft and unauthorized access, as well as minimizing impact in the event of an overnight disaster at the office.
- If your business is in manufacturing or industrial markets, heavily scrutinize and evaluate plans to connect equipment to a network prior to execution. Ensure that any business case for doing so will outweigh the considerable risk of putting these systems on a network.
- When performing risk assessments and control designs, always factor in a scenario where an attacker has gained physical access to the building and is standing in front of the system or device. How will you stop them from causing real damage?
- Disabling unused switch ports, locking servers into racks (and bolting the racks to the floor), MAC address whitelisting, and wireless site surveys don’t require much effort and will go a long way in adding another layer of defense.
- Implement multi-factor authentication (MFA) wherever it’s reasonable to do so. This includes WiFi connections (or 802.1X for hardwired devices), accessing email from outside the building or on a new device, and logging in to production systems, both on-premises and in the cloud. Even if an attacker gains physical access to the building and boots up a computer, MFA will prevent them from logging into the system, and in a best-case scenario, will generate an alert that can be forwarded to the security response team.
- Equip spaces with intrusion detection systems that can sound the alarm on malicious entry.
- Mail screening technology provides scalable, safe screening and greater visibility into smaller threats arriving in the workplace.
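The recommendations above ask you to plan for an attacker who is already standing in front of a device, and to treat a physical-access alert as something the security response team can act on. One practical form of that convergence is a detection rule that joins the badge-reader log with the host logon log: a console logon inside a building by a user who has not badged into that building (or who has already badged out) is worth an analyst's attention, whether it turns out to be tailgating, a borrowed credential, or a tampered access-control system. The script below is an added example written for this page; it is not code from Resolver or from the article, and the two log formats and all of the sample lines are constructed for illustration.

```python
"""
Correlate physical badge-access events with host logon events.

Flags any console (local) logon in a building for which the user has no
badge ENTRY event within the look-back window, or whose latest badge event
is an EXIT. Remote logons are skipped because they are governed by VPN and
MFA policy, not by badge state.

Log formats are assumed for this example; adapt the parsers to your readers.
All sample lines are constructed, not real events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed badge-reader log: timestamp user building ENTRY|EXIT
BADGE_LOG = """\
2024-03-04T08:02:11Z alice HQ ENTRY
2024-03-04T08:05:40Z bob HQ ENTRY
2024-03-04T17:31:02Z alice HQ EXIT
"""

# Constructed host logon log: timestamp user host building console|remote
LOGON_LOG = """\
2024-03-04T08:10:05Z alice ws-017 HQ console
2024-03-04T08:12:30Z carol ws-022 HQ console
2024-03-04T09:00:00Z dave vpn-gw HQ remote
2024-03-04T19:04:12Z alice ws-017 HQ console
"""


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamps used in the sample logs."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_badge_events(text):
    """Return {(user, building): [(timestamp, event), ...]} sorted by time."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, building, event = line.split()
        events[(user, building)].append((parse_ts(ts), event))
    for series in events.values():
        series.sort()
    return events


def parse_logons(text):
    """Return a list of logon records in log order."""
    logons = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, building, source = line.split()
        logons.append({"ts": parse_ts(ts), "user": user, "host": host,
                       "building": building, "source": source})
    return logons


def is_badged_in(events, user, building, at, window):
    """True if the user's latest badge event before `at` is an ENTRY into
    `building` that happened no more than `window` ago."""
    last = None
    for ts, event in events.get((user, building), []):
        if ts > at:
            break
        last = (ts, event)
    return last is not None and last[1] == "ENTRY" and at - last[0] <= window


def find_unbadged_logons(badge_text, logon_text, window=timedelta(hours=12)):
    """Return console logons that have no matching badge presence."""
    events = parse_badge_events(badge_text)
    findings = []
    for logon in parse_logons(logon_text):
        if logon["source"] != "console":
            continue
        if not is_badged_in(events, logon["user"], logon["building"],
                            logon["ts"], window):
            findings.append(logon)
    return findings


if __name__ == "__main__":
    for f in find_unbadged_logons(BADGE_LOG, LOGON_LOG):
        print(f"ALERT {f['ts'].isoformat()} {f['user']} logged on at "
              f"{f['host']} ({f['building']}) with no badge presence")
```

On the constructed data this flags two logons: carol, who never badged in, and alice's evening logon after she badged out. The look-back window exists because many sites only log entries, so a stale ENTRY from days ago should not vouch for a logon today; tune it to your badge system's behaviour, and expect some noise from doors propped open or readers that miss swipes, which is itself a finding about the physical controls.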
Bridging The Gap Between Physical and Cyber Security
A well-integrated security architecture connects the physical and cyber worlds through intelligence sharing, visibility, control, and automation. Protect your organization from malicious intruders, both virtual and physical, and ensure that your infrastructure is not compromised.