Why Cyber Security Relies on Physical Security

We can no longer think about information security as a business process that is separate from physical security. These two aspects of business security and safety have been going through a period of convergence that has quickly accelerated over the last two decades.

An easy way to illustrate the convergence of information and physical security is to think about modern access control devices such as electronic locks that open through PIN codes entered on a keypad. As an example, one of these devices is kept under the surveillance of an IP camera allowing a record of people who enter restricted spaces, ensuring that staff members are not sharing security PIN codes.

Modern electronic locks and IP cameras are examples of physical security devices that connect to the Internet of Things (IoT), and they typically do so through business networks. What this means for business owners is that a network intrusion incident could put their physical security at risk. In our example above, hackers could access the IP camera and watch PIN codes entered on the electronic lock keypad. In other words, a compromised network becomes a danger to physical security.

We can also reverse the scenario above so that hackers are able to penetrate a network through IoT devices such as IP surveillance cameras. If the camera was installed without changing the default password set by the manufacturer, this could leave the door open to hackers wishing to sneak into a business network. In this case, a physical security issue resulted in a cyber security incident.

SynchroNet information security technicians know about the importance of paying attention to both physical and cyber security in the business world, particularly when the two are integrated by IoT devices such as lights, cameras, alarms, locks, and even cloud printers. When our technicians complete a SynchroNet security audit, they consider every piece of hardware that should be protected by physical security; this is not limited to devices that connect to the IoT but also certain situations that are often taken for granted. An example would be a server room in an office that lacks secure access control.

It is somewhat of a paradox to realize that IoT security devices such as IP cameras and sensors can actually pose physical security risks; however, it is crucial to accept this reality. Whenever you have a network of internet connected devices, they collectively become an attack surface with multiple endpoints that hackers are always willing to break into.