The Most Pressing Security Threat to Business is Hidden in Plain Sight
Cybersecurity has been front and center in discussions around business risks. Cybersecurity training is required during employee onboarding and is often required annually. Multi-factor authentication is now the standard: Nearly two in three enterprise tech users now authenticate with MFA. The rise in hybrid work has only increased this investment in cybersecurity, as most (if not all) business operations and collaboration tools have moved online, hiring has continued and there is now a broader set of co-workers who have never met face-to-face.
But there’s a looming security threat that is hidden in plain sight in our increasingly digital world: The physical security of your business’s people and property.
As workers have returned to offices on various schedules, the transition has revealed the importance of investing in an environment that is as physically safe for employees and your company’s data as it is digitally secure.
The State of Play
According to Gartner, spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023. Yet none of the areas that it tracks includes physical security outright. Even infrastructure protection, taken alone, accounts for only 15% of that $215 billion – the rest is allocated towards fully digital security protections.
But there’s a much more diverse threat landscape out there, and physical security does more than limit access to spaces where data is stored. Leaders can (and should) approach physical security with the same dynamic and forward-thinking strategy that they would cybersecurity, because ultimately, the threats are targeting the same valuable sources – your employees, company data and the IP that is stored in technologies or in people’s heads. So, where do they start?
How to Take Action Today
There is no one-size-fits-all way to align your physical security posture with your business’s cybersecurity posture, but these core principles and strategies can significantly enhance your organization’s overall security by combining physical security with your cybersecurity strategy.
- First, start the conversation. If your physical security teams don’t have a dotted line to your IT team, create space for a conversation. They don’t have to sit in the same organizations, but ideally, you can create an open line of communication for them to talk about new strategies and solutions or active threats they’re mitigating. You never know when data or information from a physical security incident could play a critical role in an ongoing cyber investigation, or vice versa.
- Reduce the footprint of your physical security hardware and software. The more vertically integrated your physical security solutions are, the easier it is for your IT teams to partner with your physical security teams to manage them. Instead of using one point solution for cameras and another for access control, you can choose from the many physical security offerings that are now vertically integrated, so that if an unauthorized user tries to gain access to a server room, you can immediately investigate and identify the culprit with the video footage and the access alert already paired together.
- Ensure your physical security hardware and software are updated regularly. Better yet, opt for a provider that pushes automatic firmware and software updates to devices across all of your business, such as video security cameras, door locks, intercoms and alarms, so that your IT and physical security teams don’t have to manually update every location when there is a new patch.
- Regularly review physical security permissions and audit logs. Too often, access to physical security systems is outdated or does not reflect rapidly changing job responsibilities or titles at organizations. Leaders should carefully and regularly review access permissions – or better yet, integrate their physical security systems with employee directories so that this is automated – so that only the right people have access to physical security systems. Further, making sure that physical security systems keep audit logs is a stopgap solution that gives you a paper trail of every user who may have accessed your physical security systems and the changes they have made.
- Educate and engage your employees. Your employees should know what security measures are in place for physical security as much as they should know about the latest IT updates or cybersecurity policies. Develop and communicate clear physical security policies and emergency procedures to all employees. This includes protocols for reporting suspicious behavior, evacuation plans and how to respond to various types of emergencies. Just like phishing tests, regular drills or training sessions can ensure that these procedures become second nature.
Ultimately, investing in security isn’t just about the digital world. For organizations to be successful, they need to take a fundamentally holistic approach to protecting what matters most – people, company data and IP.