![]() ![]() The pandemic, civil unrest related to the January 6 insurrection, and an increase in gun violence have made CISOs and other executives more concerned about physical security, including the well-being of themselves and their employees. One notorious example of physical security failing saw a Chicago colocation site robbed four times in two years, with robbers taking 20 servers in the fourth break in. While the cost of successful digital attacks keeps increasing, physical damage to your assets can be just as harmful. Turnstiles or similar barriers that have movement sensors on the exits can also easily be opened by putting a hand through to the other side and waving it around. Smoking areas, on-site gym entrances, and even loading bays may be left unguarded, unmonitored and insecure, he says. “They'll put all of the security in the front door surveillance cameras, security guards, badge access, but what they don't focus on is the entire building of the whole.” One of the most common errors a company makes when approaching physical security, according to David Kennedy, CEO of penetration testing firm TrustedSec, is to focus on the front door. Rigorous controls at the outermost perimeter should be able to keep out external threats, while internal measures around access should be able to reduce the likelihood of internal attackers (or at least flag unusual behavior). Attackers could steal or damage important IT assets such as servers or storage media, gain access to important terminals for mission critical applications, steal information via USB, or upload malware onto your systems. ![]() Physical attacks could be breaking into a secure data center, sneaking into restricted areas of a building, or using terminals they have no business accessing. It could be keeping the public at large out of your HQ, on-site third parties from areas where sensitive work goes on, or your workers from mission-critical areas such as the server room. While it could be from environmental events, the term is usually applied to keeping people – whether external actors or potential insider threats – from accessing areas or assets they shouldn’t. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |