Gå direkte til content
Hurtig IT support hos itm8
Hurtig IT support hos itm8

The growing importance of physical security in the age of cyber threats

3 min read

itm8 16-May-2025 11:31:23

Cyber Security

06-05-2025 By Jacob Krahn, Behidzhe Yoztyurk & Karoline Zederkopff Christensen 

In today’s interconnected world, businesses focus heavily on digital defenses against cyber threats. However, as cyber attackers become more creative, safeguarding an organization’s physical assets and sensitive information is equally important.

1920x1220_Herning_7

The Rising Threat: Cyber Attacks Through Physical Breaches

While cyberattacks have become central to modern security concerns, attackers are increasingly exploiting physical vulnerabilities. The risk of espionage is now assessed as high by organizations such as the Centre for Cyber Security, and groups like Russia’s intelligence unit 29155 are adapting their methods. We predict that cyber threats will continue to rise, but not always through traditional digital means—instead, attackers are turning to the physical world using methods such as covert access and physical penetration testing.

  • 2010: A hacktivist stole millions of research articles from a server room3.
  • 2013: Four stolen laptops exposed records of 4 million patients, leading to a $4.9 billion lawsuit4.
  • 2014: A company lost a server containing thousands of credit card records during an upgrade5.
  • 2024: An ATM was breached, compromising personal and financial data of thousands6.

These incidents, though spaced years apart, likely represent only a fraction of what truly occurs. Many physical breaches go unreported due to the reputational damage and legal implications involved. These unreported cases—sometimes referred to as the “black numbers”—are notoriously difficult to quantify.

As threat actors find ways to sidestep digital defences, physical access points—from unlocked server rooms to unattended workstations—remain low-effort, high-reward targets.

Compliance Requirements

Regulating institutions have recognized this shift. Financial institutions are now required to comply with DORA (the Digital Operational Resilience Act), which explicitly includes physical security as part of its regulatory framework. As financial sectors set higher standards, it’s likely that other industries will soon be held to similar expectations—if not by law, then by clients, insurers, or industry best practices.

Is Your Organization Vulnerable?

Consider this: could someone walk into your office and steal a laptop containing sensitive data without being noticed? Many organizations focus on digital security but neglect physical security, even though physical entry is often the easiest way for attackers to gain access.

Physical security is just as vital as digital defenses to achieve a good cyber security posture. If attackers can physically access your building or equipment, your firewalls and intrusion protection systems become irrelevant.

Do your facilities use mantraps, and are they deployed at all access points, including employee-only entrances? Are your security cameras providing comprehensive coverage, or are there blind spots that go unchecked? Are your keycards encrypted and secure, or could they be easily cloned? Are your doors and frames properly fitted, or are you relying on generic, one-size-fits-all hardware? And finally—are your employees consistently trained to prevent tailgating, or is that responsibility assumed rather than ensured?

One excellent risk mitigation is to assess your physical security through a Black Team Engagement. This test simulates real-world attacks where a team attempts to break into your building, simulate data theft, or bypass security, followed by a report to help strengthen your defences.

Alternatively, a Physical Security Assessment—also known as a physical assessment—can identify vulnerabilities by reviewing:

  • Access points (doors, windows, etc.)
  • ID badges, keys, and access controls
  • Surveillance and alarm systems
  • Secure storage and employee behaviour

By testing physical security proactively, organizations can identify weaknesses and fortify their defences, ensuring robust protection across all areas.

 

Conclusion: Secure Both Physical and Digital Assets

As cyber defenses evolve, physical security remains a critical yet often overlooked component. By addressing both physical and digital threats, businesses can safeguard against evolving risks and ensure comprehensive protection. It’s time to treat physical security with the same importance as digital security.

We offer a physical security assessment which can help you identify and mitigate physical security vulnerabilities.

 

Do you want to learn more about Physical Security? Click the button and see more:

Learn more about Physical Security

 

References

  1. Cybertruslen mod telesektoren:
    https://www.cfcs.dk/globalassets/cfcs/dokumenter/trusselsvurderinger/-cybertruslen-mod-telesektoren-2025-.pdf
  2. Russian intelligence ramp up cyber pressure on the west:
    https://www.ria.ee/en/russian-intelligence-ramps-cyber-pressure-west
  3. Swartz indicted for JSTOR theft:
    https://thetech.com/2011/08/03/swartz-v131-n30
  4. The HIPAA Wall of Shame: Major Data Breaches of 2013
    https://www.hipaajournal.com/hipaa-wall-shame-major-data-breaches-2013/
  5. Optical care chain loses a server, again
    https://www.databreachtoday.com/optical-care-chain-loses-server-again-a-7624
  6. Over 4600 RBFCU customers’ data may be leaked in data breach, Texas AG’s office says
    https://www.ksat.com/news/local/2024/12/27/over-4600-rbfcu-customers-data-may-be-leaked-in-data-breach-texas-ags-office-says/
  7. DORA
    https://www.finanstilsynet.dk/lovgivning/eu-lovsamling/dora
  8. Article 18 Physical and environmental security
    https://www.dora-info.eu/rts-rmf/article-18/

Let's chat

Fill out the form, and we'll get in touch with you.