Companies meet the threat of online fraud head-on

High-Tech Hackers

  • By Mike Paquette
  • Nov 05, 2007

Driven by the age-old lure of easy money, many of today’s criminals are using high-tech cyber crimes and sophisticated building entry methods to commit identity theft and financial fraud. Organizations need to invest in information management and security technology to protect themselves against the evolving threat landscape.

Security has long focused on preventing break-ins to physical facilities and the IT infrastructure. However, instead of a reactive approach to improving security in the face of experienced threats, organizations are now being more proactive in establishing security policies. Companies are building systems that integrate all of an organization’s physical and logical security to better defend the business and protect the privacy of customers and employee data.

Contrary to conventional wisdom, these culturally and technologically disparate worlds of physical access control and IT network protection are closely linked, and existing assets are currently being leveraged in a converged solution.

Data Leakage
The role of security is changing dramatically. As technological capabilities have finally caught up with security theory, many organizations are experiencing the convergence of physical and IT security for unified enterprise security management. And as these companies are realizing its benefits, the industry is beginning to redefine the role of security. Why the renewed push for convergence in security structures? How are physical and IT security related, and how will one affect the other in the long run?

The driver behind today’s movement toward converged IT and physical security is the realization that a data breach can be extremely costly to an organization. Hardly a day goes by when a high-profile data breach that has compromised the personal information of employees, citizens or customers isn’t in the headlines. A recent study shows that the majority of these breaches are enabled by the theft or loss of physical property, such as laptop computers and portable storage devices (e.g., USB drives). However, computers compromised by malicious software, called malware, are another leading cause of a data breach. Organizations must create a unified security policy that addresses the physical security of computing systems and portable storage media and the IT security policy for the kind of data that can reside on these media.

On the IT security side, organizations must decide whether to require hard-drive encryption on all employee laptop computers or to install software that prohibits the use of USB drives on company computers. In addition, information control policies should specify clearly what kind of information may be stored on laptop computers.

On the physical security side, traditional and new loss protection steps must be employed. Laptop cable locks should be used not only in hotels and meeting spaces, but also when the laptop is locked in the car. USB drive use should be prohibited or, at least, controlled. It’s possible for organizations to install RFID systems on USB drives for employees who are authorized to use them.

Within the organization’s IT infrastructure, network security issues are changing daily, and it is often difficult to keep up with the current threat landscape. Attacks are becoming more sophisticated, and organizations are facing new and increasingly dangerous security threats. Random threats that once plagued the enterprise are not what they used to be—as attacks are evolving into clever, targeted schemes that are finding ways to compromise computers, steal data and seriously affect network systems. To combat these new threats, security strategies need to evolve at the same rate—with organizations being more proactive in their security strategies, moving beyond simple detection to implementing technologies and techniques that proactively block malicious traffic—without degrading network quality.

Security Siblings
Both sides of security each strive for greater, tighter controls across an enterprise while still enabling business. The physical aspect protects organizations by preventing entry from unauthorized users and by protecting the loss of property. The IT side protects intellectual property and customer data by deploying technologies such as firewalls, network admission control and intrusion prevention systems to prevent network attacks. It only makes sense that these two seemingly different systems can work together to not only enhance a company’s security posture, but also protect the continued operation of the enterprise.

Network security and physical security are similar in nature, so much so that they can be characterized as siblings separated at birth.

IT network security almost always starts with a network firewall, which provides controls of whose computer can access which systems. The firewall is like a receptionist with a door buzzer in the physical realm. The receptionist “signs you in” if you don’t look like a bad guy (authentication), “buzzes you in” afterward (access control), but then doesn’t know what you’re doing while you’re behind the closed door. If you appear to be untrustworthy, or do not have your badge, then the receptionist does not allow you access to the facility.

The IT network intrusion detection system is very much like a closed-circuit video camera system. It’s useless for protection unless there is a diligent and insightful staff to watch it all the time. Such staff can see activity—who’s coming or going and if they’re trying to pick the lock or break down the door.

Organizations are now deploying network IPS in their IT infrastructures. These devices operate similarly to a firewall, but with much more thorough inspection of the traffic coming into and out of the network.

In the physical security world, the IPS would be best represented by the previously-mentioned receptionist followed by a metal detector, a bomb-sniffer, an X-ray machine and a pat-down searcher. Only after a thorough inspection is the visitor allowed to gain access into the facility. In addition, visitors are scanned upon exit of the facility, as well.

The Need to Converge
As the threat landscape changes, the critical threat of the data breach is driving a need to converge physical and network security. No longer is it sufficient to make sure that physical property is not stolen from the facility. It also is important to help employees secure laptops at home, in transit and at remote office locations.

Securing company data requires proactive steps from both the IT security and the physical security elements of an organization. A unified security policy, covering both IT and physical security, is the effective way to reduce risks and losses associated with a data breach.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Surveillance Cameras Provide Peace of Mind for New Florida Homeowners

    Managing a large estate is never easy. Tack on 2 acres of property and keeping track of the comings and goings of family and visitors becomes nearly impossible. Needless to say, the new owner of a $10 million spec home in Florida was eager for a simple way to monitor and manage his 15,000-square-foot residence, 2,800-square-foot clubhouse and expansive outdoor areas. Read Now

  • Survey: 72% of CISOs Are Concerned Generative AI Solutions Could Result In Security Breach

    Metomic recently released its “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic surveyed more than 400 Chief Information Security Officers (CISOs) from the U.S. and UK to gain deeper insights on the state of data security. The report includes survey findings on various cybersecurity issues, including security leaders’ top priorities and challenges, SaaS app usage across their organization, and biggest concerns with implementing generative AI solutions. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3