Companies meet the threat of online fraud head-on

High-Tech Hackers

Driven by the age-old lure of easy money, many of today’s criminals are using high-tech cyber crimes and sophisticated building entry methods to commit identity theft and financial fraud. Organizations need to invest in information management and security technology to protect themselves against the evolving threat landscape.

Security has long focused on preventing break-ins to physical facilities and the IT infrastructure. However, instead of a reactive approach to improving security in the face of experienced threats, organizations are now being more proactive in establishing security policies. Companies are building systems that integrate all of an organization’s physical and logical security to better defend the business and protect the privacy of customers and employee data.

Contrary to conventional wisdom, these culturally and technologically disparate worlds of physical access control and IT network protection are closely linked, and existing assets are currently being leveraged in a converged solution.

Data Leakage
The role of security is changing dramatically. As technological capabilities have finally caught up with security theory, many organizations are experiencing the convergence of physical and IT security for unified enterprise security management. And as these companies are realizing its benefits, the industry is beginning to redefine the role of security. Why the renewed push for convergence in security structures? How are physical and IT security related, and how will one affect the other in the long run?

The driver behind today’s movement toward converged IT and physical security is the realization that a data breach can be extremely costly to an organization. Hardly a day goes by when a high-profile data breach that has compromised the personal information of employees, citizens or customers isn’t in the headlines. A recent study shows that the majority of these breaches are enabled by the theft or loss of physical property, such as laptop computers and portable storage devices (e.g., USB drives). However, computers compromised by malicious software, called malware, are another leading cause of a data breach. Organizations must create a unified security policy that addresses the physical security of computing systems and portable storage media and the IT security policy for the kind of data that can reside on these media.

On the IT security side, organizations must decide whether to require hard-drive encryption on all employee laptop computers or to install software that prohibits the use of USB drives on company computers. In addition, information control policies should specify clearly what kind of information may be stored on laptop computers.

On the physical security side, traditional and new loss protection steps must be employed. Laptop cable locks should be used not only in hotels and meeting spaces, but also when the laptop is locked in the car. USB drive use should be prohibited or, at least, controlled. It’s possible for organizations to install RFID systems on USB drives for employees who are authorized to use them.

Within the organization’s IT infrastructure, network security issues are changing daily, and it is often difficult to keep up with the current threat landscape. Attacks are becoming more sophisticated, and organizations are facing new and increasingly dangerous security threats. Random threats that once plagued the enterprise are not what they used to be—as attacks are evolving into clever, targeted schemes that are finding ways to compromise computers, steal data and seriously affect network systems. To combat these new threats, security strategies need to evolve at the same rate—with organizations being more proactive in their security strategies, moving beyond simple detection to implementing technologies and techniques that proactively block malicious traffic—without degrading network quality.

Security Siblings
Both sides of security each strive for greater, tighter controls across an enterprise while still enabling business. The physical aspect protects organizations by preventing entry from unauthorized users and by protecting the loss of property. The IT side protects intellectual property and customer data by deploying technologies such as firewalls, network admission control and intrusion prevention systems to prevent network attacks. It only makes sense that these two seemingly different systems can work together to not only enhance a company’s security posture, but also protect the continued operation of the enterprise.

Network security and physical security are similar in nature, so much so that they can be characterized as siblings separated at birth.

IT network security almost always starts with a network firewall, which provides controls of whose computer can access which systems. The firewall is like a receptionist with a door buzzer in the physical realm. The receptionist “signs you in” if you don’t look like a bad guy (authentication), “buzzes you in” afterward (access control), but then doesn’t know what you’re doing while you’re behind the closed door. If you appear to be untrustworthy, or do not have your badge, then the receptionist does not allow you access to the facility.

The IT network intrusion detection system is very much like a closed-circuit video camera system. It’s useless for protection unless there is a diligent and insightful staff to watch it all the time. Such staff can see activity—who’s coming or going and if they’re trying to pick the lock or break down the door.

Organizations are now deploying network IPS in their IT infrastructures. These devices operate similarly to a firewall, but with much more thorough inspection of the traffic coming into and out of the network.

In the physical security world, the IPS would be best represented by the previously-mentioned receptionist followed by a metal detector, a bomb-sniffer, an X-ray machine and a pat-down searcher. Only after a thorough inspection is the visitor allowed to gain access into the facility. In addition, visitors are scanned upon exit of the facility, as well.

The Need to Converge
As the threat landscape changes, the critical threat of the data breach is driving a need to converge physical and network security. No longer is it sufficient to make sure that physical property is not stolen from the facility. It also is important to help employees secure laptops at home, in transit and at remote office locations.

Securing company data requires proactive steps from both the IT security and the physical security elements of an organization. A unified security policy, covering both IT and physical security, is the effective way to reduce risks and losses associated with a data breach.

Featured

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3