Two weeks ago, Arnette Heintze posted a blog on the top trends in 2015 that Hillard Heintze experts believe will drive security risk management priorities this year. Trend #2 addressed the likelihood that the convergence of physical security and IT will continue to transform how security departments support the organization’s mission and deliver value.
In other words, if you don’t figure out how to align these two enterprise departments and cost centers – or at least get their physical security experts to talk to one another more frequently – you’re not just failing to manage your risks in both fields, you’re compounding them.
Take ransomware, for example.
The Risks of Ransomware Are Increasing
Many IT professionals agree this upcoming year will see a rise, and some believe an explosion, in cases of ransomware programs launched against businesses in the United States. In fact, one study has found that 88 percent of respondents were concerned about ransomware and 33 percent had already suffered an attack.
What is ransomware? A type of malicious code (malware) that restricts access to the computer system it infects. Unlike other malware, ransomware demands money from the system’s owner in order to have the restriction removed and the system “unlocked.” The reality is, ransomware is never really removed from the system. It remains dormant and re-emerges at a later time to extort additional funds from the user. Often the only solution is to wipe the system completely clean and start afresh.
IT-Related Implications for Physical Security
Put your morning coffee down for a moment and think about what might happen if ransomware schemes were directed at the enterprise’s physical security controls. Just imagine the havoc ransomware or another form of malware could cause if the company’s access control system were seized and subjected to ransom. Employees could not enter their office building in the morning and personnel could be prevented from gaining access to vital internal rooms where physical files and network servers are stored.
In some cases this might be just a nuisance. Keys would be found and the doors unlocked. But in other cases, it’s not hard to imagine a scenario with serious business consequences.
What’s At Risk?
Hackers are currently targeting intellectual property, consumer financial information, and personal identification information. But as companies build new security features to combat this threat, hackers and extortionists will turn their attention to avenues of lesser resistance. Like physical security controls.
What Should You Do?
The answer depends, in great measure, on the individual technologies already employed by your organization, in both IT and physical security. But here are some common and critical tasks the organization’s IT and physical security teams should take:
- First of all, understand your current state in both areas.
- Ensure anti-virus software is up to date and that the data backup and recovery plan copies data to places inaccessible from local networks.
- Design and implement training of all employees on proper use of technology and the policies pertaining to everything from physical security to personal behavior.