The hyperconnectivity of today’s world means that digital risks and physical security are becoming more closely linked than ever before. As cyber and physical risk continue to converge, posing new hybrid threats to largely siloed cyber and physical security teams, this trend shows no sign of abating. In an increasingly complex security environment, how can we understand the new era of cyber-physical risks, the predominant threats organizations face today and what security teams can do to respond to this intensifying environment?
Hybrid risks present problems for siloed security teams
In collaboration with ASIS International, Constella’s 2022 cyber-physical report showcases the perspectives of more than 300 security professionals in the cybersecurity and physical security sectors from organizations across 19 industries and five geographic regions. The results speak directly to the staggering increase in physical threats against global companies amid an operating environment characterized by uncertainty, polarization and social and geopolitical unrest. Combine this new reality with disjointed cyber and physical security teams and a widespread lack of cross-functional, unified risk monitoring platforms and you’ll find unprecedented levels of organizational risk.
The survey reveals that nearly 50% of respondents’ organizations experienced an increase in physical threats and incidents at their companies over the past year. In today’s hyperconnected world, virtually every physical event is connected to activity in the digital sphere, somewhere on the surface, social, deep or dark web. Despite this, cyber and physical security teams appear to find themselves disconnected, with an alarming 54% of respondents reporting that their physical security teams do not frequently interact with their cyber counterparts.
The need for collaborative engagement and integrated tools is abundantly clear, as an overwhelming majority of the security professionals surveyed believe their organizations would be better equipped to prevent future crises if their cyber and physical teams could proactively monitor threats using a single unified platform.
Digital activity virtually always precedes physical events
What does this mean for the quickly evolving needs of physical security professionals? The first step is understanding how physical threats emerge and develop online, whether in virtual chat rooms, on social media, or through interactions and transactions on the deep and dark web. Closely monitoring for these increasing physical threats offers organizations a substantial protective advantage before they materialize into physical incidents that can disrupt business operations and put employees or other individuals at risk.
Take the tragic July 4th parade shooting in Highland Park, Illinois, for example—the attacker had long been involved in digital subcultures that glorified violence and even created videos that portrayed mass shootings. Based on his online activity, authorities believe he had been planning the attack for at least 10 months. Still, far less sinister events that nonetheless impact the economic activity of businesses and the physical safety of employees and executives are often discussed and disseminated online long before they transpire—such as planned protests at corporate locations or potential civil unrest, for example.
Due to the rising interconnectivity and accessibility afforded by digital platforms, the emergence of cyber-physical threats is no longer restricted by geographic proximity. For this reason, physical security teams must be tightly engaged with cyber and digital intelligence experts within their organizations. Signals of early risks emerging from the digital sphere, such as disgruntled employees or customers or activism-motivated pressure groups, should be understood, prepared for and addressed as proactively as possible.
When asked to indicate which physical security threats had increased at their organizations, Constella’s survey respondents most often identified threats against physical locations or facilities (51%), threats against co-workers (43%) and activism-related threats against business practices (42%). These trends also correspond with the top three physical security priorities ranked by industry professionals:
It is also crucial to consider how geographical region, coupled with social and political culture, impact physical security concerns. For example, preventing an active shooter event is the top priority for the North American security professionals surveyed, followed closely by dangerous threats from former employees or dissatisfied customers. These considerations fit the context of the United States’ recent history of violent armed attacks in a wide range of public locations.
The importance of surface, social, deep and dark web monitoring
Digital spaces, such as dark web communities and marketplaces, chat rooms, forums and even public channels, often provide substantial insight into physical threats before and as they materialize. “Weak signals”—early signs of emerging risks derived from online activity—residing in these digital spaces bolster the argument for more tightly integrated physical and cyber security departments.
For example, the 2020 conspiracy theory linking coronavirus to 5G wireless technology gained traction on Facebook, WhatsApp and Youtube, triggering more than 100 cases of individuals setting 5G towers ablaze in the United Kingdom. This resulted in risks to individuals and physical assets and an interruption of essential services in some cases. Within this context, physical threats targeting organizations, individuals and infrastructure can no longer be adequately analyzed or addressed without digital intelligence capabilities forming part of the toolkit of physical security teams.
Despite the digital signals generally preceding physical outcomes, Constella’s survey uncovers a widespread absence of dark web and social media monitoring for early indicators of potential threats. Only about one in five respondents reported that their organizations continuously monitor the dark web and less than 40% said that their organizations do the same for social media. This points to a significant gap in security infrastructure—physical security teams lack the technological means to detect risks before they become full-fledged, real-time threats.
Hesitation to implement a comprehensive monitoring program may stem from budgetary limitations, but the financial and reputational ramifications of cyber-physical crises be incredibly damaging and costly. Taking the first steps to operationalize this type of early risk detection intelligence includes monitoring and flagging relevant activity related to your brand, physical locations and key individuals. It comes as no surprise that doing so on a unified platform where security objectives and intelligence gathering can be coordinated would undoubtedly streamline cyber and physical security capabilities.
What’s next: Anticipating the year ahead
Boards, senior leaders, policymakers and regulators are already beginning to take note of these increased risks, as nearly 70% of survey respondents indicated an increase in corporate guidance or regulatory requirements in response to civil unrest. Global military conflict, remote workforces, ideological extremism and heightened polarization are just a few of the factors driving this shift and the impact is apparent—nearly half of respondents anticipate increased spending on physical security in 2023. New systems and initiatives to bolster cyber-physical security include threat assessment training, real-time monitoring and reporting for executives, integrated cyber and physical security operations and the hiring of protective intelligence analysts and experts.
The continuous growth of cyber-physical risks has perhaps permanently changed the meaning of physical security. Digital transformation continues to accelerate at breakneck speed, often outpacing organizations’ and society’s ability to understand and manage associated risks as they develop. As such, safeguarding organizations from physical incidents must involve a proactive approach in both the digital and physical spheres.
Developing and adopting models that incorporate digital intelligence and cybersecurity operations into existing physical security practices is the only way to get in front of sophisticated, malign actors and adapt to new attack vectors, thus equipping organizations to successfully manage rapidly emerging threats and protect their infrastructure and people.
By Kailash Ambwani, CEO of Constella Intelligence
For more information, visit: constellaintelligence.com
Return to Security Journal Americas NEWS INDEX