The Convergence of Cyber and Physical Security: Strengthening Your Security Posture

Twenty years ago, what happened in cyberspace stayed in cyberspace. Today, not so much. Cyber and physical threats are converging, driving big moves in the security game. With the launch of our enhanced ZeroFox Physical Security Intelligence solution, we want to highlight the shifting cybersecurity climate changes that have made this new solution essential.

Today, Physical Security Is Cybersecurity

It's clear that risks like civil unrest, shootings, natural disasters, and travel advisories pose physical security threats. However, these real-world dangers also have digital implications. When human vulnerabilities are linked to cyberspace, the harm becomes unified, regardless of whether it originates from a physical or digital vector. A violation of privacy, data, or trust—by any means—equally jeopardizes individual safety. 

Physical threats against businesses, their executives, and their facilities have been on the rise. Take these recent examples:

• Forbes notes the uptick in physical attacks on U.S. utilities, exclaiming, “as if cyber-attacks were not enough of a security concern, physical attacks by domestic terrorists on the U.S. Energy Grid are an increasing threat.” They then cite that per data from the Department of Energy (DOE), physical attacks on the grid rose 77% in 2022.
• According to the 2022 State of Protective Intelligence Report, a study commissioned by the Ontic Center for Protective Intelligence, 88% of US companies are experiencing a dramatic increase in physical threat activity.
• Onsolve's 2022 Global Risk Impact Report cites significant increases in three rising threats globally in 2022 when compared to 2021: infrastructure and technology (up 688% globally and 807% in the U.S.), transportation accidents (increased 211% globally and 296% in the U.S.) and extreme weather (up 72% globally and 42% higher in the U.S.).

As is evident, real-world threats are slipping into cyberspace and vice versa. While this is not a new concept, it is exacerbated by the explosion of public channels, websites, and forums. As we’ve witnessed an increase in hyper-connectivity, we’ve also seen a correlative dip in monitoring across these spaces. Security teams are overstretched and overwhelmed, and the addition of greater cyber-physical interplay has made it harder to keep up. 

It’s becoming incredibly difficult for SOCs to manually track everything happening online (especially social media, as it’s impossible to search through millions of posts daily to validate real threats). That’s the real problem: threats are on the rise, and security teams don't have the resources to adequately vet them and alert the right people rapidly.

However, this only emphasizes the fact that each SOC needs to be able to monitor both kinds of threats. That means not only best-in-class cyber threat intelligence but also to-the-minute physical security intelligence. Balancing both these significant threat vectors is crucial for a comprehensive external cybersecurity strategy—organizations can't afford to prioritize one over the other any longer.

The concept of combining cyber and physical security is not new – in fact, it’s in vogue. And why wouldn’t it be when we saw a 688% (yes) increase in physical threats to global corporate infrastructure over the course of a single year? Apparently, others saw it, too, because 43% of IT and security pros are looking to invest in cybersecurity-related tools to improve physical security in 2023. Plus, 50% of all asset-intensive organizations will converge their cyber, physical, and supply chain security teams under one head by 2025.

Bearing the Burden of an Additional Security Load

Given the current cyber talent crisis and the challenges of staffing a traditional SOC, we recognize the scarcity of seasoned experts in the field and the limitations of achieving a fully cyber-physical defense strategy. That's why ZeroFox is creating the tools and services that can bring this converged level of protection to any enterprise that needs it, no matter the current state of its security roster or capabilities.

It’s hard enough to keep up with the demands of security – now we’re going to add in a whole parallel level by sewing in an entire physical security element (replete with its own demands, staff, threat intelligence, data classification, etc.)? This can be a severely overwhelming blow for any strained security team. And yet this is what true zero-trust protection requires in 2023 and beyond. 

For context, here’s a sampling of what SOCs have to deal with daily just to keep up with the vast amount of data on the surface, deep, and dark web.

• There are roughly 350,000 tweets per minute. 
• In the U.S., the average person has 7 social media accounts; in India, it’s up to 11
• Over 3 billion people use Facebook worldwide
• Instagram claims no less than 2.35 billion monthly active users
• Twitter processes over 3,000 images per second

That’s A LOT of data. Security teams can’t possibly sift through that without the aid of technology. And that’s where cyber threat intelligence comes into play.

Enhancing Physical Security with Cyber Threat Intelligence

Before we dive too deep into “how” physical security will get done, let’s first establish what needs doing and how willing (and able) organizations are to do it.

You need to map physical threats, but before that, you need to identify and validate them; that is the cyber component. Technology flags the potential threats on online channels and then hands them over to humans. That's where the real work begins. Human analysts:

• Validate that the threats are real
• Provide additional context (the who, what, when, why, and how) 
• Then begin mapping by categorizing, tagging, and geocoding the incidents globally 

The mapping solution – like a heat map of sorts – will let organizations determine the hotspots of malicious physical activity. Knowing your enemy is good, but sometimes it's better to know where they are. And then, it's on to data analysis, processing, and actioning based on those vetted, analyzed, and located threats. 

The data doesn't lie. This is something that the industry is aware of, and that companies want to address. But it's more complicated than that. 

Right now, most organizations are left with crowd-sourced reporting to find out about physical threats in the real world. That's good, but that's not enough. It's like going outside with a paper cup to catch the rain. What needs to change is how companies amass this type of data and how they analyze, filter, and deliver it so that it goes from "word on the street" to actionable threat intelligence.

This takes time, dedication, and – we'll be honest – years of dark web, deep web, social media, online forum, APT, and government experience. Plus, the right technology, coupled with AI, can not only find the avenues of newsworthy data but make sense of them all.

Managed Physical Security Services

Cyber-physical threats are here to be reckoned with, and most companies won’t know about them until it’s  too late. One big breach headline later – or instance of executive abuse, data center up-time disruption, or worse – attention will be paid where it should have been paid before. 

And it won't be because companies aren't trying to get to the data. It will be because they don't have the experience to know where to look, and they won't be able to parse out the data when they do get it. With so many threat intelligence feeds, disparate sources, sites and platforms, the volume of information can quickly become unmanageable.

The real difference will be made by those who can come to the table with the following capabilities:

• Widespread visibility of the physical attack surface. Safeguarding physical locations like offices and critical infrastructures is crucial. The focus is on preventing unauthorized access, hardware theft, and vandalism that can lead to digital vulnerabilities. By integrating physical security measures such as surveillance and secure access protocols, your organization bolsters its overall cybersecurity posture.
• Single-pane view of all threats. You can’t take action with data you don’t understand. This step is so critical, as sloppy mishandling of data (or data presentation) could sink your whole data reconnaissance efforts and eliminate their effectiveness. The importance of this step cannot be understated. Security professionals today require one centralized platform to track threats across the surface, deep and dark web.
• A security force-multiplier. When taking on an additional load of digging out physical threats, it’s no question that companies need to do more. However, it doesn't necessarily mean it has to be them. Suppose they've got the time, the expertise, and the cycles, then why not? But not many do, and the technology to parse out an internet’s-worth of physical security data streams is a lot to handle. Organizations should look to force-multiply in this area by leveraging the resources – be they AI-driven technology platforms or managed external cybersecurity services - necessary to do what needs to be done in as efficiently as possible.

But the main differentiator is, and always will be, the human intelligence (HUMINT) factor. It's not enough to have technology and visibility if you don't have the human context to go with it. Technology can help surface these threats, but it's the human analysts who verify, vet, enrich, and categorize these threats so security teams don't have to. ZeroFox positions itself to do all the backend legwork in this department, so you can simply focus on taking action. 

Cybercriminals are increasingly willing to jump fences to get what they want, and more and more often, they're jumping into the real world.ZeroFox is here to resist that push and implement guard posts to protect every organization against malicious threats, no matter where they originate. Learn more about how ZeroFox can help you level up your physical security intelligence.