News

Physical and Digital: The need for a blended approach

12 May 2017

If you switch on the news you are most likely going to hear the word ‘hack’ or ‘hacking’. Now synonymous with cyber crime and cyber security, hacking is a very real threat that dominates a lot of media attention. Just last week there was a large scale cyberattack on the NHS that meant that several IT systems were down and infected with ransomware. This has led to neglect of the more archaic, yet no less important, physical security. This kind of security is the most physically visible; fences, locks, security guards, etc. Physical security makes us feel safe in a world of terrorist attacks and bomb threats. These two fields of security may feel vastly different, near polar opposites. It is true that the landscape of this industry has changed a lot, but these two styles are intertwining at an increasing rate. This blending of methods only benefits the security of our buildings, homes and lives further if it is done properly.

A blended approach is paramount for more and more companies as people have realised the impact technology can have. With technologies dominating our lives, products such as computer controlled locks no longer belong to the sci-fi genre but are realities in people's homes. So much so, that a booming industry for the "Internet of Things" (IoT) and smart devices has developed. These advancements have affected not only businesses but our homes; we are seeing the impressive potential of Amazon’s Alexa when it’s incorporated with lights and curtains. Imagine what that power can give to a business. How much you could automate and save, how much more efficient everything can be. Now visualise what would happen if a businesses’ system got corrupted and forced to work against you? Picture if, instead of the NHS being locked out of their computers, the smart locks on their doors wouldn’t open or the power was switched off; this is why security, both cyber and physical, needs to be paramount for all parties.

Once there was a time where the IT department and the security department rarely mingled. When there was an issue with hacks, or viruses, or ransomware you would hear: "That is the IT departments' problem". Equally, when there was an unauthorised person appearing on CCTV, the security department would be responsible. CCTV is no longer hardwired. Instead, we use IP Cameras that run through the internet. More advanced computer systems than ever before manage access control and more. The truth is these advancements in technology definitely make us safer, but only through collaboration. We now recommend adopting a combined approach to security from the outset because even small businesses need to consider the implications of a breach in their systems. With GDPR coming into effect, the security of your clients data - both digital and hard copies - needs to be top notch. For example, imagine all of your clients data is stolen from you and exploited, simply because someone walked in, sat down at an unlocked computer and took it? Or, you could end up like that poor unfortunate soul in Ukraine who opened an email with a phishing link which led to ransomware shutting down the power grid? Or your business could be the victim of a similar cyberattack to the one that ransomed the NHS for money. Or an email could delete vital patient data that could save a person’s life. Imagine if that was your client’s personal data?

To really drive the point home think of it like this:

Cyber

Don't use simple, easy passwords, make them hard to guess and change them often.

Make sure devices lock themselves if not being used.

Detect network breaches.

Physical

Don't install simple, cheap locks and make sure the keys are hard to copy.

 Lock the doors!

Detect intruders.

 

You get the idea.

So how can we realistically combine these two disciplines? Let us take IP Cameras. CCTV cameras have been the backbone of physical security for years and now, with modern technology, they are wireless. This means there needs to be strict cyber and physical access restrictions that ensures the system is safe. You don't want hackers accessing your cameras remotely, nor do you want them wandering into your control room because the door was unlocked.

Another example of physical and cyber security working together is access control. With the advent of NFC cards, which act as keys to locks, there have been multiple problems. Take the case of the Austrian hotel (link here) that had its room access system hacked. No room keys worked or could be issued until the ransomware was paid. This kind of cyber attack is becoming increasingly common and, with more parts of access control being digital and connected to the IoT, there needs to be strong security both online (software/hacking) and offline (hardware sabotage). Ron Gregory, vice chair (north) of the National Association for Healthcare Security has stated:

“Many NHS trusts operate their physical security separate to their cyber-security. That's not saying everyone does but you can see the problem there straightaway.”

The increasing reliance on smart buildings with management systems operating everything from heating to fire suppression to access control poses another complication. Taking out those management systems could spell chaos for a busy hospital.

“The NHS is a huge organisation, said Gregory and, “countering the insider threat is going to be hugely complex if not impossible.” The NHS employs more than 1.5 million people, making it the largest employer in the UK and one of the largest in the world, leaving ample chance for rogue insiders to compromise NHS systems.

Gregory, who comes from the world of physical security told the audience, “we cannot just rely on walls, locks and people anymore”. Physical security, he added, “needs to support cyber-security, they cannot work in isolation.”

Now this may have been a brief overview of how the needs of security are changing both the physical and cyber disciplines, but the message remains the same; you need a quality solution that combines the best of these for your business. It doesn't matter about size or budget, there are programs that can scale and tailor to your needs. What is imperative is that your business remains safe.

Back to News