Building Security: Facing Converging Cyber-Physical Risks

Open-source intelligence and digital investigations can help organizations more accurately predict major threats to their operations.

By Landon Winkelvoss
From the February 2024 Issue

 

Unless your cybersecurity and physical security functions are working together, eventually connected threats will be missed by both. The continued convergence of cyber and physical risks means our security teams need to support the goals of organizational privacy, safety, and trust with as much rigor as they do confidentiality, integrity, and availability.

It’s no small task; overseeing your organization’s entire ecosystem of interconnected risks poses a significant challenge. While physical and cyber security teams work in isolation, the impact of a security event ripples across the organization. A cyber attack on your business could result in a physical security breach, giving someone unwanted access to steal or damage equipment. Likewise, a physical security breach of a facility could provide a threat actor access to computer and technical systems, allowing them to launch a cyber attack, damage systems, or steal data.

Although your security functions may be siloed, the impacts of an incident rarely are. Theft of sensitive data, for example, may have compliance implications and lead to serious questions about a company’s cyber posture, damaging brand reputation and increasing the risk of identity theft, fraud, or, in some cases, physical threats to your personnel or customers.

Understanding the implications of a physical compromise on your cybersecurity posture and, conversely, the impact of a cyber breach on your physical security is critical to protecting the health of your organization. Converging cyber and physical security functions can go a long way toward closing gaps in coverage, extending enhanced security to geographically dispersed facilities, and protecting hundreds of thousands of employees.

The key to this convergence lies in open-source intelligence and digital investigations that can enrich physical and cyber security programs. Open-source intelligence (OSINT) introduces the analysis of public, non-classified sources, including troves of digital archives, business records, social media, and the dark web, to bring context to what security teams see inside their perimeter.

Here are five ways open-source intelligence and digital investigations can bring context to cyber-physical security outcomes:

1. Protecting People

Attacks against employees come in many forms. Threat actors may use fake social media accounts to misrepresent, impersonate, or target executives and employees in phishing schemes and other crimes. Nisos investigators recently identified several online personas used by the Democratic People’s Republic of Korea to fraudulently obtain remote employment from unwitting companies in the United States.

Identifying fake accounts and attributing phishing infrastructure targeting your people ensures you keep threat actors from walking through the virtual front door. OSINT also makes it possible to engage law enforcement when criminals make threats online against your people, locations, or brand.

2. Travel Security

When executives and other employees travel, the risks they face could impact the business as well as the traveler. Cyber security teams may provide guidance to protect company devices and information, but understanding the broader risks your employees may face from a host country’s offensive cyber capabilities in specific regions is a must.

OSINT and regional monitoring of traditional and social media can help determine whether unrest, negative sentiment, or hostilities could delay or disrupt travel plans.

3. Regulatory And Environmental Risk

Avoiding vendors, partners, or acquisition targets who do business with high-risk foreign nationals or nation-states requires diligence. This necessitates visibility into the corners of the web where adversaries operate, like the dark web.

Digital investigators attribute insiders and external threat actors presenting a regulatory or environmental risk to the business and ensure you aren’t unknowingly doing business with sanctioned entities.

4. Geo-Political Risk

Times are turbulent. Understanding the evolving impact of geopolitical tensions on your business will be critical for the foreseeable future. Monitoring, translating, and analyzing foreign press and media helps to uncover disinformation, terrorism, fraud, intellectual property theft, and other threats on platforms that could target your people or operations.

5. Global Investigations

Collaboration between investigators, general counsel, and human resources informs enforcement and the creation of policies that reduce risk. Unmasking of real-world identities, including public release, attribution, and sharing with law enforcement and policymakers, makes it possible to disrupt threat networks.

Merging Cyber And Physical Security

Converging cyber and physical security functions takes time, skill, and experience, as well as the right tools. Enterprise security teams from both disciplines spend most of their cycles dealing with raw data and reviewing pre-populated threat dashboards. Investigations, as a result, end up being shallow.

If facility executives find the right partner, organizations can offload resource-intensive threat intelligence and digital investigations to an expert team of analysts focused on real-world threats specific to your organization. Gain confidence with OSINT in your ability to respond to advanced threats, and overcome silos with finished intelligence and answers to your most critical security questions.

Landon Winkelvoss co-founded Nisos in 2015 and serves as its VP of Intelligence Research, where he leads public-facing and community adversary research. Further, he leads Nisos intelligence advisors, where his team is directly involved in go-to-market sales, demand generation marketing efforts, targeted prospecting, partnership acquisition, product management advice, and project sales conversion to annual recurring revenue.
