The risks and rewards of meshing physical and cyber security
Security is undoubtedly a primary focus for any organization, particularly in this digital age where assets extend beyond the physical to include virtual assets such as data. The emergence of cloud or Internet-based devices, such as smart meters and smart CCTV cameras, is expanding the reach of traditional security measures and enabling a host of heretofore unknown benefits.
For most industries traditional security mechanisms such as perimeter and access control are still of vital importance. Technology has, however, introduced new ways for these to be managed and automated. These technologies are yielding faster response times and improved security. Meshing technology with physical security can vastly improve the overall security landscape for any organization.
Introducing Internet of Things (IoT) devices into an operational environment aids the reduction of many health and safety risks. These can range from smart cameras for surveillance, to sensors implanted on vehicles which track and trace progress, prevent breakdowns and enable pre-emptive maintenance. For example, sensors can quickly identify gas leaks, enabling quick resolution. Another example would be IoT-enabled construction equipment, which helps avoid collisions or load-related accidents. Technology is making the industry safer.
There is a flip side to this, however, as advanced technology also introduces a number of threats into security environments. An organization's entire operations can be brought down by cyber-attacks launched on a seemingly innocuous piece of technology such as a sensor or smart device.
Recently, a casino in Las Vegas was infiltrated via its fish tank, albeit a very high-tech fish tank connected to a wireless access point - the intent being to steal data. Fortunately, technology also came to the rescue in this case, as the systems were closely monitored and the hackers could be stopped before too much damage was done. Another recent attack saw an entire critical infrastructure plant’s operations being shut down due to hackers accessing and taking control of an Internet-enabled workstation.
The likes of these attacks highlight how effectively cyber criminals can damage or cripple an entire business in a matter of minutes. In certain industries where health and safety are of paramount import - such as mining, oil and gas, engineering and health - the derailing of infrastructure and the halting of operations can cause more than simply financial or reputational damage - there are lives at stake.
A challenge facing industries such as those involving chemical plants, mines and oil & gas organizations, is that technology can also introduce physical threats. WiFi, for example, can cause a fire hazard in environments sensitive to sparking. In such cases, organizations need to investigate alternative, environmentally suitable technologies to bring these sites onto their cyber security network, and maintain central surveillance, access control and identity management.
Access, both physical and network, is the area that businesses need to closely monitor and secure. Physical access is critical and ensures only the right people gain entry to the right areas of a business at any given time. Technology is allowing businesses to apply the likes of biometrics to manage access, enabling quicker, more accurate access control.
From a virtual access and data security point of view, it is critical that organizations implement proper identity controls such as authentication and passwords, as well as multiple layers of encryption across their data-at-rest and data-in-motion.
Integration and centralization are critical in order to properly manage and monitor all of these technology-backed security measures. Businesses need to ensure that the security technology they invest in, from physical to cyber, is capable of integrating with a central management platform from which they can efficiently and effectively control their entire security environment.
It’s also important to have the right security policies and processes in place, so that organizations are able to follow proper protocol in times of breach, or when a risk is identified. This is especially important as new regulations emerge, such as the Protection of Personal Information (PoPI) Act and the General Data Protection Regulation (GDPR). Such regulations will be pivotal when redefining data security policies and are likely to have a larger impact on sectors such as the financial, retail, and insurance sectors.
Budget and security concerns are likely to come up against each other, as businesses weigh risk against costs. Costs, however, will be in line with the risks, which inevitably vary across different industries. For many organizations where it is less critical for security to be wholly controlled within the business, opting for Security-as-a-Service will be a win-win answer to the risk vs cost debate.
Sanjay Vaid, Practice Director of Cyber Risk Security at Wipro Limited
Legend: John McAfee
John McAfee is credited with starting the entire cybersecurity industry. In 1987, he set up McAfee Associates and released VirusScan. Previous antivirus programs had been released, but McAfee’s was the first with mass appeal and was soon a day zero (or at least day one) installation for Windows users as well as corporate clients.
But McAfee was also a hugely divisive character. He dismissed his own software, claimed he never used it, and rejoiced when Intel bought McAfee and took his name off “the worst software on the planet.” He was anti-tax, pro-drugs, anti-war and pro-free trade. He was also a tireless crusader for cyber awareness, and set up a political party called the Cyber Party in order to make a bid for the office of president of the US.
“I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet”
McAfee: born in the UK
McAfee was born in Gloucestershire, UK, but moved to Salem, Virginia, where his American father (his mother was English) shot himself when McAfee was 15. McAfee worked at NASA, Univac, Xerox, Computer Sciences Corporation, Booz Allen Hamilton and Lockheed. It was while working at the latter that he was given a copy of Brain, the first computer virus for PC, and began to engineer a defence.
Controversy dogged McAfee. He was implicated as a ‘person of interest’ in the search for a neighbour who had been shot. He married a prostitute. He claimed a cocaine baron was writing his biography. He was arrested for possession of an unlicensed weapon and for manufacturing drugs in Belize (later released without charge). There were various other arrests (mainly weapons related) but not much would stick until McAfee’s anti-tax stance caught up with him.
He fled the US as tax authorities turned up the heat on at least four years of non-payment of tax and was arrested (again) in Spain in October 2020 at the behest of the US Department of Justice. Charges for fraudulently promoting cryptocurrencies were soon added and he was formally indicted in March 2021. In June 2021, the Spanish National Court authorised McAfee’s extradition to the US, and McAfee was found dead in his cell just hours later in what is widely believed to be a suicide.
Even in death, McAfee courted controversy, having announced that if he was ever found to have committed suicide, it would mean he had been murdered. A slew of conspiracy theories mushroomed in the hours after his death was announced. It’s just what he would have wanted.