In the days of old, you know - three or four years ago, it was common for security personnel to think of physical security & virtual security as two separate entities. Today, with the advancement in both sectors they can be safely rolled into a single heading of "Security." In the following sections we'll be exploring some of the similarities between physical security and virtual security, as well as some of the market trends surrounding both.
You may be surprised to learn that the physical security world shares much of its terminology with the virtual security world. Below are just a few abbreviated examples:
Physically, the flow of people/resources into a secured physical space is controlled based on a set of predetermined criteria.
Virtually, the flow of connections and data into and out of a protected virtual environment is controlled based on predetermined criteria, including reputation and origin.
Physically, a defined space is monitored to ensure the right people are doing the right things. The goal is to notice, or be alerted, when the wrong people show up or the wrong things are happening in the space. This is accomplished with various access control and monitoring devices/technologies.
Virtually, a private network is monitored using purpose-built software & devices to determine if the right people are on the network and if they are doing the right thing. If someone wrong shows up and/or someone right starts doing the wrong thing, then alerts are generated and a response can be determined/dispatched.
Physically, responding to a threat can include a wide variety of tactics - dispatching guards, locking doors, calling the police, evacuating personnel and even destroying sensitive information.
Similarly, responding to a virtual threat can involve many different tactics - terminating specific connections to the environment, shutting down certain pieces of machinery, blocking connections from a certain region, deleting sensitive information before it is compromised and even unplugging an entire environment.
An extremely important component of any security fabric is Intrusion Detection. Both physically and virtually, Intrusion Detection focuses on pinpointing unauthorized access to part, or the entirety, of a secured or restricted space. That unauthorized access can come in the form of picking a lock, breaking down a door, falsifying a badge to bypass access control OR emailing a piece of ransomware to a company, hijacking an authorized user's connection or brute-forcing a password into a protected server - intrusion is intrusion. And it is the job of the security provider to detect it, respond to it and prevent it from happening again.
Detect, Respond, Prevent - three staples of any security mission to protect a business, employees and critical/sensitive data. And let's not forget the lost production time if an intrusion does occur - whether time to fill out a police report and replace broken doors/glass/desks/safes or time to rebuild a network and scour for residual effects of a successful network hack.
Below we'll list a few of the operational and definitive commonalities for both the physical and virtual security sectors.
In order to respond to a threat, the threat must first be detected. There are numerous ways a threat can be detected - the most common, but certainly not the only, methods are listed below.
- Surveillance detecting something wrong
- Employees reporting an issue
- Active Security running across a threat
- Proactive Knowledge (known criminals and offenders)
- Failed or Active attempts to carry out an attack
Once a threat is detected, it must be responded to. Like detection, there are many ways in which a response can be issued. The response method will primarily depend on the severity of the threat and the stage the threat has reached - meaning are they inside the company, still planning their attack, just starting their attack, etc. A few of the more common threat responses are listed below:
- Dispatching a Response Team to neutralize the threat
- Contacting authorities
- Locking down the part of the company the threat is occurring in
- Locking down the entire company / building until the threat is neutralized
- Evacuating employees & sensitive data
Preventing a threat and attack on a business is a two-pronged approach - both proactive and reactive. Proactively, known threats must be monitored and their access restricted. Reactively, threats must be analyzed and a preventative strategy put into place once they occur and are mitigated. Proactive and reactive prevention strategies can include:
- Updating surveillance systems with information on known threats
- Notifying security & response teams of known individuals
- Updating response & surveillance measures with regions/locations of origin for known threats
- Updating response & surveillance measures with known strategies / methods of known threats
- Changing company layout and processes to make them more secure / guard against known threat strategies
At the end of the day all (ok, most) security experts will agree that securing assets is mission critical and one of the highest priorities for a company. Marrying security solutions that protect both your physical and virtual landscape is more critical than ever in today's global environment - and the virtual threats will only continue to rise in the future.
As a last note I'll touch on "securing your security." Many of the devices that are implemented in the physical security sector are network-connected and/or network-capable, meaning they are at risk of being hacked. There has been a marked rise over the last 12 months of security cameras and other security devices that are hijacked by hackers and utilized (in whole or part) as a "botnet" or other such malicious virtual weapon.
Protecting your protection is now a major consideration when evaluating virtual threat solutions (like GEMS from STP Ventures, LLC!). When cameras and other devices are taken over by hackers, not only can they be used as a very effective malicious tool against other businesses, but the business also sacrifices precious uptime, production and budget remediating and then mitigating the threat.
In summary, I'll leave you with this final thought. The days of the "Physical Security Director" and "IT Security Director" as separate positions are coming to an end. Today, those positions have merged into a single "Security Director" title. A necessary evolution as the complexity and sophistication of virtual threats to companies continue to grow day-by-day.
If you're not sure if your security measures are up-to-par or are interested in bringing a virtual security solution to your clients, please reach out to me directly at firstname.lastname@example.org / 704.305.6217.