Physical and cyber threat convergence forum: Three takeaways
Data breaches cost enterprises millions of dollars annually. As companies try to keep pace, they are limited in their ability to combat malicious hackers if physical and information security teams remain siloed.
To help provide a solution, CTG Intelligence hosted the second annual Physical and Cyber Threat Convergence Forum at the University of Phoenix Riverpoint location in Phoenix, Arizona. The full-day event featured presentations and panels on the expanding roles of corporate security experts and best practices for digital and IoT security to ensure holistic enterprise threat prevention and management.
Local and national physical and IT security experts discussed a range of timely enterprise security topics centered around how to establish improved working relationships between corporate and cybersecurity specialists. Following are three takeaways from the forum.
1. Arizona has the “most collaborative cybersecurity ecosystem in the country,” but support is needed to combat future threats
Keynote speaker Frank Grimmelmann opened Friday’s forum with a positive declaration that Arizona is “far ahead” of other states in regard to information sharing and has “the most collaborative infrastructure in the United States.” His declaration is based on research and the state’s robust collaboration between law enforcement, education, industrial engagement, industries and organizations, which provide the tech infrastructure and experts.
Grimmelmann, president and CEO of the AZ Infragard, Arizona Cyber Threat Response Alliance, Inc. (ACTRA), implored attendees to help continue to build the ecosystem to combat growing threats. He asked them to support the Arizona Cybersecurity Team (ACT), an executive order issued by Governor Ducey in March, which strives to create a unified body of partnership and purpose to address the expansion of the ecosystem through workforce expansion, economic development and increased education.
“It is absolutely critical that we not only attract new people to the workforce but that we take the existing workforce and elevate it for the future,” Grimmelmann said. “To do this, the state must invest in technology, develop an ecosystem of information sharing and response.”
2. Physical and information security teams must be collocated
As organizations help to build the workforce and reinforce the ecosystem, Jamie Smith provided a solution to help protect their internal cybersecurity infrastructures – collocation.
In his presentation, “Understanding the importance and expanding role of corporate and IT security training for digital and IoT security,” Smith, University of Phoenix CIO, referenced the failure of the Maginot Line to emphasize the need to converge today’s physical and information security teams in one combined location.
Similar to how France’s defensive border fortification became a liability as war tactics evolved ahead of the Second World War, Smith said that the archaic idea of separate physical and information security teams leaves enterprises vulnerable to cyberattacks. Organizations must create T-shaped resources that are broader than one area of expertise to keep up with evolving cyberthreats.
“Information security isn’t about defending the perimeter anymore. It’s understanding that we have transitioned from slow-moving threats to a dynamic, fast-moving environment,” Smith said. “We cannot keep physical and information security separate anymore. Let’s make sure we’re not fighting the last war.”
3. Common leader, unified risk council could be solutions to aid convergence
Carlos Goveo, global security manager for IT solutions distributor AVNET, was one of the few physical security experts to present at the forum. He said that physical and information teams today rarely, if ever, need to talk about what they are doing. This lack of communication is counterproductive as both entities share the goal of defending the assets of the company.
“Enterprises have to at least have a basic understanding of each group’s training and knowledge to have a better posture to take care of incidents and threats,” he said. “Everything nowadays is a multidisciplinary team approach. You have to have relationships and talk to other team players.”
Goveo said combining these two groups comes with obstacles, such as incompatible systems, lack of executive sponsorship and budget constraints. Creating a complete security convergence means that all facets of an organization – from compliance and risk to finance, HR and many other partners – must be unified under a single goal, not just physical security and IT.
He provided three solutions:
- Combine both functions under one leader, the CSO
- Maintain separate functions, but have them report to a common manager
- Keep functions separate but bring security issues under an enterprise risk council