In February 2021, a water treatment plant worker in Oldsmar, Florida noticed some rogue mouse clicks on his monitor and watched as they raised sodium hydroxide levels 100x. A hacker had remotely gained access to the plant’s water treatment controls and was trying to contaminate the community’s water supply.
This event illustrates the growing intersection between cyber and physical security. In this case, the intrusion was corrected before reaching the public—but a system vulnerability like this could have harmed thousands. It’s situations like these that necessitate security convergence—a concept that is widely discussed but sporadically practiced.
Security convergence is the practice of integrating physical security and information security within organizations rather than siloing teams and strategies. The goal is to address the risk that comes with our growing dependence on information and web-based technologies. Some security professionals consider business continuity management (BCM) and compliance teams as part of a holistic convergence strategy, too.
What does security convergence look like in 2021, and what are the benefits of security convergence?
Security Convergence Still Nascent in Practice
According to a report by ASIS Security, 96% of organizations with at least two converged departments—typically physical, cyber, and/or BCM—see positive impacts. Yet only a quarter of organizations have converged physical and cybersecurity functions, and 70% of siloed organizations currently have no convergence plans at all.
This might seem a little surprising considering digital transformation trajectories and associated risk for the entire organization—not just cyber teams. Each second, 127 new IoT devices connect to the internet. This opens up myriad physical security risks when these devices include tools like access control systems.
Non-cyber, online data is also crucial for physical security teams and business continuity functions like marketing and PR. For example, monitoring social networks and dark websites is strategic for finding breaches and other cyber vulnerabilities. It’s also crucial for finding damaging viral content, doxxing, violent planning discussions, and other risks that could compromise physical security and business.
Without convergence, organizations lack the communications and tools to stay ahead of emerging security threats—potentially causing avoidable harm to their data, people, critical infrastructure, and revenue. Here are five benefits of an effective security convergence strategy.
1. Stronger Security Posture
First and foremost, convergence strengthens your overall security posture. This is reported by 72% of organizations engaged in security convergence. When security departments are siloed, it creates information gaps that adversaries can easily exploit. When physical and cybersecurity departments integrate, organizations improve visibility into these risks, particularly when they overlap (as they inevitably will). They are better positioned to predict threats and address them before they escalate.
For example, imagine your physical and digital security teams are converged with your BCM team. A threat actor just posted an information leak targeting your CEO on a deep web forum, including their personally identifiable information, logins, addresses, and family member data.
In a coordinated effort, your security function can simultaneously secure any systems where this information was obtained and warn staff about potential BEC scams. It can also ensure their family and home are physically secured, and address any interruptions to the CEO’s business meetings and travel. This is the kind of comprehensive security accountability that a segregated approach misses.
2. Improved Crisis Management
After the COVID-19 outbreak, organizations were suddenly faced with risks from all directions. Cyber adversaries leveraged social panic and remote workforces. Facilities were more vulnerable as staff got sent home. Supply chain security became an increased concern. And overwhelmed healthcare systems relied on security teams to help sustain life.
Whether it’s a pandemic, natural disaster, data breach, or targeted attack—crisis management is now an org-wide responsibility. Security convergence allows organizations to manage crisis impacts more holistically and avoid overlooking risks when crises span physical and digital spaces.
3. Business and Security Strategies Unify
Traditionally, cybersecurity and physical security are considered separate from the overall business strategy. But a more integrated threat landscape means that physical and information security risks must also be understood and treated as business risks. For example, digital and physical security breaches can damage customer and stakeholder trust, affecting revenue and business relationships in the long term.
In fact, organizations that actively invest in security convergence tend to prioritize business continuity management. BCM is converged by almost twice as many organizations as those that focus only on digital and physical security convergence.
Companies are often entrenched in seeing digital risk as an IT problem—or access control as a physical security concern. Bridging these strategies with business management ensures that security teams work cohesively to mitigate risk and drive revenue.
4. Better Communication and Knowledge-Sharing
Improved communication is a widely reported benefit of security convergence. For one, a more integrated strategy aligning with business goals encourages more cultural cohesion among staff that were previously divided by turf allegiance.
In converged organizations, the security function tends to have more clout with the C-suite, resulting in better security budgeting and prioritization. CSOs also become a source of truth for all things security, addressing communication breakdowns and point-of-contact confusion. Another benefit is knowledge transfer: convergence enables personnel to have more well-rounded security and business continuity skills. For Bill Wipprecht, Wells Fargo’s CSO, this cross-training has “made his agents more aware of areas that weren't previously part of their job descriptions,” establishing a more cohesive and effective security function.
5. Cost Savings and Improved Efficiency
When more security personnel have skills that span physical and digital security, efficiency naturally follows. Organizations save time and resources spent coordinating siloed teams and addressing communication gaps. Deduplicating security roles means that organizations can minimize staffing costs. Integrating physical and digital security teams can also result in technology convergence, cutting maintenance and replacement costs for outdated tools like video surveillance systems.
There is no one-size-fits-all convergence strategy. Security convergence looks different for each organization depending on their needs. But regardless of what their strategy looks like, organizations can’t reap the benefits without the right tools.
Security solutions like the Echosec Systems Platform give enterprise security teams access to a variety of online data relevant for both digital and physical use cases. The Platform’s focus on ease of use and team collaboration is also ideal for converged security functions—especially where some personnel lack the technical background to operate complex security software.
To echo industry experts: the future of security is converged. Physical and digital attack surfaces overlap more every day. Reflect this in your risk management strategy, and your people, data, assets, and business strategy will benefit.