Intercepting them as they are transmitted over the network.
Physical Security Awareness
Physical security is an important aspect of protecting your organization’s networks, hardware, and data. However, it is often overlooked when cybersecurity policies are written, and sub-par security measures are often installed, exposing the organization to the risk of a malicious intruder.
WHAT DOES PHYSICAL SECURITY HAVE TO DO WITH CYBERSECURITY?
Cyber criminals have been known to breach an organization by infiltrating the physical perimeter and plugging in an infected piece of hardware, or by downloading malicious software directly to systems. These attacks should not be taken lightly, and often indicate a serious risk of insider threats within the organization. Many times, the attacker has performed reconnaissance on the organization and has already mapped out most of the vulnerabilities within the attack surface. Once an attacker has physical access to your networks, they can perform several attacks that could be devastating to the organization.
COMMON PHYSICAL THREAT VECTORS
An attacker employs Social Engineering to disguise themselves as an employee, maintenance worker, or authoritative figure to gain access to unauthorized areas.
An attacker plants an infected USB drive into common areas of the organization. The attacker can leave it in a lobby, parking lot, or other organizational watering hole hoping someone will plug in the device. Once plugged in, the device will begin secretly downloading malicious software onto the infected system.
An attacker deploys their own infected hardware by connecting the device straight into the network. The device is often placed in an inconspicuous spot and is usually small and unassuming.
An attacker breaches a server room and installs a device onto the system, allowing the attacker remote access directly to the server.
An attacker targets an internet drop line and intercepts communications, allowing them to collect critical business data. They can also use these drop lines to disrupt services.
An insider threat leverages their privileges and escalates their security credentials to gain unauthorized access to restricted areas.
HOW CAN I PROTECT MY ORGANIZATION FROM PHYSICAL SECURITY THREATS?
Secure your organization’s equipment, paper files, data storage devices, and hardware by limiting physical access to authorized personnel only. Store data, devices, and files in a locked room and keep an active inventory of all information assets being protected. Perform regular inventory checks to ensure there are no unexpected anomalies that could impact your information security, such as missing assets or additional devices.
Ensure that you are training your employees to practice safe data usage, including:
remembering to lock doors or cabinets;
logging out of systems, applications, and networks when away from the computer or not in use;
never plugging in unfamiliar devices;
shredding documents promptly and regularly when no longer needed;
properly erasing data (the “delete” key does not permanently erase data);
and never leaving sensitive files/devices unattended.
Implement strong password policies by requiring complex passwords (such as pass-phrases), utilizing multi-factor authentication, and limiting login attempts to unlock devices.
Ensure all hardware and communications are encrypted at all times.
Enforce strong Physical Information Security Controls.
PHYSICAL INFORMATION SECURITY CONTROLS
Proper Lighting Inside and Outside the Building
Employee and Management Training
HOW DO I KNOW IF MY PHYSICAL SECURITY IS PROTECTED?
The most effective way to ensure your critical infrastructure is protected is to implement regular physical penetration tests and continue to improve your physical security according to the results of your pen test. Additionally, be certain you are constantly auditing and documenting the physical devices within your organization. If any piece of critical hardware goes missing, or you discover an undocumented device, it could indicate that an attacker may already have gained access to your systems. Keep track of all physical security controls that exist within your organization and consult with your information security team to determine any gaps that may exist in your critical infrastructure.
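The inventory checks and device audits described above can be partly automated. The following is an added example, not part of the original article: it reconciles an approved asset inventory against devices observed on the network and reports missing assets and undocumented devices. It also goes one step beyond the text by flagging assets seen in an unexpected location. The CSV layout, asset tags, MAC addresses, and location names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample data: approved inventory (asset tag, MAC, location).
INVENTORY_CSV = """asset_tag,mac,location
SRV-001,00:1A:2B:3C:4D:5E,server-room
WS-014,00-1a-2b-3c-4d-5f,floor-2
PRN-003,001a.2b3c.4d60,lobby
"""

# Constructed sample data: devices observed on the network (MAC, area seen in).
OBSERVED = [
    ("00:1a:2b:3c:4d:5e", "server-room"),
    ("00:1A:2B:3C:4D:60", "floor-2"),   # printer seen away from the lobby
    ("DE:AD:BE:EF:00:01", "lobby"),     # not in the inventory
]

def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def reconcile(inventory_csv, observed):
    """Return (missing, undocumented, relocated) for one audit run."""
    approved = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        approved[normalize_mac(row["mac"])] = (row["asset_tag"], row["location"])
    seen = {normalize_mac(mac): loc for mac, loc in observed}

    # Inventoried assets that were not observed anywhere.
    missing = sorted(tag for mac, (tag, _) in approved.items() if mac not in seen)
    # Observed devices with no inventory record.
    undocumented = sorted(mac for mac in seen if mac not in approved)
    # Known assets observed somewhere other than their recorded location.
    relocated = sorted(
        (approved[mac][0], approved[mac][1], loc)
        for mac, loc in seen.items()
        if mac in approved and approved[mac][1] != loc
    )
    return missing, undocumented, relocated

if __name__ == "__main__":
    missing, undocumented, relocated = reconcile(INVENTORY_CSV, OBSERVED)
    print("Missing assets:      ", missing)
    print("Undocumented devices:", undocumented)
    print("Relocated assets:    ", relocated)
```

An asset reported as missing may simply be powered off, so each finding is a prompt for a physical check rather than proof of tampering.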