IFSEC Global hears from Manish Mehta, Chief Product Officer at Ontic on the importance of communication and collaboration of both physical and cyber security teams for 2023.
For corporate security teams and their budgets, 2023 is likely to be quite challenging. An unclear economic picture and proliferating threats will put greater pressure on both physical security and cybersecurity executives to manage costs, prove their value, sustain and try to grow funding.
Manish Mehta, Chief Product Officer at Ontic
Historically the dilemma for both cyber and physical security teams is they are considered successful when nothing bad happens. This makes showing their value to the larger organization, or even asking for additional budget, difficult. Too often, cyber and physical security teams work in silos in a way that hampers their ability to fully benefit from each others’ expertise. Though aligned on keeping the business safe and humming, the “language of security” may not be universally understood by outside colleagues, impeding communication and buy-in from those that control the corporate pursestrings. These are just some of the reasons the full scope of their value will not be recognized or realized by an organization.
I think 2023 is the year all security executives, no matter where they reside, must change how they operate and communicate – they have the opportunity to educate their management about what they do in easily digested ways, and to prove their worth.
Highly intuitive and naturally disciplined, these professionals must lean in to these strengths to prove their value. But they should also use them in new and different ways, such as benchmarking initiatives to known internal historical data, tapping 10k reports to identify company risks and goals to which security programs can tie, and for comparison to risks and losses of competitors and peers.
By working together, by breaking down traditional silos that prevent each side from sharing resources and information, cybersecurity and physical security teams can better explain that the whole is worth more than the sum of their parts. They need to nimbly unite to support the business, scaling as needed to address current risks and those on the horizon.
To further understand why, it’s important to look at the growing threats to cyber-physical systems.
If you were to search on Google for “cyber-physical attacks in 2022”, concrete examples would be few and far between.
That doesn’t mean they aren’t happening.
For example, nearly half (45%) of shipping executives recently surveyed said they experienced a cybersecurity breach. For 36%, those breaches targeted the facilities’ supervisory control and data acquisition (SCADA) systems – the industrial controls that operate and monitor industrial systems, according to a Jones Walker Ports and Terminals Cybersecurity report.
And who was responsible for these attacks? In some cases, it was organized crime using ransomware and motivated by money, and nation-states doing who knows what. But also activists and insiders close to the company are responsible.
When it comes to insider threats and activists, perpetrators often use social media to voice their discontent before they take action. Cybersecurity teams have systematized flagging bizarre behavior that unauthorized IT network access can indicate. Many times co-workers are aware when a colleague is disgruntled. Trained to identify, de-escalate and mitigate flares, executive protection experts are also keenly aware of the potential vulnerabilities of travel routes CEOs may take to regularly occurring meetings or events. If this multi-faceted array of threat information isn’t being shared across both teams, the organization isn’t seeing the full picture.
The benefits of cyber-physical security collaboration extend to every industry. A recent study indicated that many of the threats experienced by physical security, cybersecurity, and IT executives at their respective companies could have been avoided if teams were able to share and use a common set of data and information. A United States Cyber and Infrastructure Security Agency (CISA) guide echoes these points: “When physical security and cybersecurity divisions operate in silos, they lack a holistic view of security threats targeting their enterprise,” reiterating why there is much work to be done in this space in 2023 and beyond.
To further alignment, it’s important for cybersecurity executives to ask what they should be looking for online that might indicate a physical threat? How can the intelligence they gain help physical security teams prevent a threat from materializing? This collaboration to identify unusual activity or threatening online behavior is also instrumental for on-the-ground professionals addressing threats.
Overcoming silos within their organization in order to achieve a complete picture of the threat landscape is often seen as an insurmountable challenge for which there isn’t the time or budget. But as the volume and vastness of threats only grows in their interconnectedness and complexity, physical and cybersecurity teams at companies of all sizes and industries must prioritize connecting their missions and actions to larger business objectives and data points.
Deeper understanding, agreement and unified pursuit of strategies that support the organization’s goals can go a long way toward building a foundation of value. Proactively showing management where resources should be allocated or consolidated – including disparate tools used across the business – and quantifying them using established measures, can illustrate operational savvy and preempt spending scrutiny at a time when it is ratcheting up. No one is saying this is simple or easy. It means changing ingrained behaviors and ways of working that, for a long time, have not been questioned. But every specialization and expert evolves in order to be more effective and grow.
When it comes to security, the time to validate value is now.
The physical access control market is moving fast. Find out where you stand with the latest edition of IFSEC Insider's comprehensive 2022 State of Physical Access Control trend report, covering all the latest developments within the market. We assess the current technology in use, upgrade plans and challenges, and major trends on the horizon after receiving the views of over 1000 security, facilities and IT professionals.
Get your copy for free today.
