Strengthening physical security could stop an attack before it happens and potentially save your organization from significant financial damages.
Physical security is the protection of people, property, and physical assets from different actions and events that could potentially cause harm, damage, or loss. Believe it or not, physical security is equally as important when determining how secure an organization is and is a large part of the network security process. Many social engineering campaigns focus on attempting to access restricted sites and buildings using various deception and impersonation tactics. There are cases where attackers or threat agents have been able to bypass security officers or checkpoints and physically enter an organization simply by exploiting the weaknesses that all unsuspecting humans have. Most people will try to help someone to the best to their ability and fail to realize that they may have let a threat agent into buildings or departments with restricted access. According to the Cost of Data Breach Report 2020, conducted by the Ponemon Institute and published by IBM Security, 10% of malicious breaches included in the study were a result of a physical security compromise. This equates to $4.36 million in damages in a single year.
Ensuring that your organization does not fall victim to attacks executed from within your own physical environment is essential. Depending on the type of organization and building location, often times there is a security guard or receptionist that validates the identity of people entering the building. Buildings that only use proximity badges need to be careful and ensure that people coming into the building are wearing authorized badges. If someone does not have the proper badge, who they are and who they are trying to reach must be confirmed so that a threat agent does not gain unauthorized entry to buildings or office space.
Physical security also involves preventing unauthorized entry to server rooms or other restricted areas. There are various ways that physical security can be evaluated and performing physical control reviews routinely can evaluate how effective these controls are. As discussed in CIS Control #1, reviewing your current asset management control ensures all enterprise assets are identified and helps determine which assets need to be monitored. Taking inventory and control of enterprise assets will also support efforts to identify unauthorized assets that need to be removed or remediated. An accurate inventory of assets is especially valuable in the event of a physical breach so that it is easier to identify suspicious activity. This also extends to software, as discussed in CIS Control #2. A secure network needs to identify and assess the software that is installed on each machine, especially if it is not pre-approved. Some software has chronic security issues, weak security design, or could be hiding malware. Without a complete inventory of software assets, you cannot truly determine vulnerabilities in software.
There are many other aspects of physical security that should be considered in regard to cybersecurity. Security cameras should be checked to ensure optimal surveillance, ports available in public areas should be disabled, access to secure buildings should be monitored and controlled, and entrance and exit points should remain locked when appropriate or not regularly used.
Physical security should also be included in your organization’s awareness training exercises. Reminders about how to display identity badges and how to prevent tailgating into sensitive areas will reduce the threat of unauthorized access. Reminders about proper shredding procedures and desktop sanitization will reduce the risk of information disclosure. Finally, ensuring that staff know how to recognize and report potential threats is essential to maintaining awareness at the management level.