In a bid to improve efficiency, many companies have turned to smart technologies for functions like security and building management. Studies indicate that by 2019, US and Chinese companies had spent $194 billion and $182 billion on IoT devices.
As the number of things connected to the internet skyrockets, organizations face new security challenges. IoT vulnerabilities like weak passwords, privacy protection, and unsecured WiFi present a rich attack surface for hackers. For example, in 2016, hackers successfully intercepted internet-connected devices like webcams and digital recorders disrupting platforms like Twitter, Spotify, and PayPal.
Convergence of physical and cyber-security has been fronted as an effective strategy for improving physical and data security for organizations. Here’s a look at what it is, how it can reinforce IoT security, and some tips on seamless integration in your organization.
What is convergence?
Threats to digital and physical assets in an organization present a significant risk. Organizations have traditionally used a siloed approach in their protection. For example, physical security systems like CCTV, guard patrols, barriers and locks, and commercial intercoms protect physical assets. On the other hand, cybersecurity measures like ID authentication, firewalls, and application security systems are used to protect digital assets.
When digital and physical assets are interconnected, physical and cyber-security matters intertwine and previously visible differences are blurred.
Convergence is bringing together physical and cybersecurity systems to contribute and collaborate in neutralizing security threats targeting the enterprise. By adopting convergence, an organization is better placed to close the gaps and vulnerabilities between the two functions. It extends beyond the protocols and equipment used. To converge effectively, organizations need to adopt a unified approach that integrates multiple defense strategies; often under one security leader.
Here’s how convergence of cyber and physical security can reinforce IoT security.
Ways convergence can boost IoT security
Improves identification of the devices and their location
IoT security begins with a thorough knowledge of the devices and their physical location. One should know the types of devices available and where they are located. If left without a system to identify and locate, IoTs will be future hotspots for cyber attacks.
A robust physical security system enables easy identification and facilitates secure access. These two are crucial because they facilitate maintenance, updates, and management procedures which are vital for IoT security.
Once an internet-connected device is set up in an ambient environment, it is usually physically unprotected. As such, you may want to restrict access to a particular device to specific users. Authentication in such a case is a useful security procedure. It could come in the form of a username and password or other methods like digital signatures, access cards, and One-Time-Pins (OTP).
These methods help to boost security for your enterprise. But you can take it a notch higher and install physical security IoT devices, such as a wireless intercom system that can send a notification to cyber security systems if there is an unauthorized person using someone else’s credential to access a restricted area.
Boosts network security
IoT devices are often wireless and securing them could be challenging. Also, each device often uses a different operating system and standards. A smart light bulb will not be the same as a smart printer; the overall controlling system will have its unique operating system. You may have taken steps to protect your business from cyber-attacks. However, these network devices can be targeted by malicious attacks, especially when they require open inbound ports and permit unauthorized inbound communication.
One of the best ways to protect a network is by enforcing a change of weak default usernames and passwords. Convergence measures like bootstrapping and application security further enable the use of integrated data from these two systems to protect IoT devices from being hacked.
Why should your organization converge?
Convergence will boost your organization’s ability to:
- Seamlessly communicate across different security functions of the enterprise.
- Proactively identify physical and cyber risks and mitigate them. Convergence boosts your organization’s ability to build workflows, automation, and notifications that alert system admins when there are any gaps or breaches with IoT devices.
- Align security goals with overall organizational objectives.
- Better coordinate incident management.
With this in mind, the following tips will help seamless integration in your organization:
- Educate your team. They may not be aware that these gadgets could pose security vulnerabilities.
- Establish security policies to reflect the integration of physical and cyber-security measures.
- Be prepared for attacks.
Physical and cybersecurity measures are required to address the broad range of threats facing organizations today. Fortunately, professionals on both sides are positive about convergence. A survey by ASIS revealed that two in three professionals on either side were willing to work with their counterparts. Working together has significant profitability benefits. It also enables the deployment of better quality IoT devices, further reinforcing security.