Gå direkte til content

Dictionary

Physical Security

What is Physical Security?

Physical security deals with protection against common physical threats, such as burglars, thieves and activists. However, as the threat landscape expands, physical security may also assist in the protection against more sophisticated advanced persistent threat (APT) actors such as nation state sponsored attackers and advanced corporate espionage.

These threats provide impacts in the form of either damage to or theft of company property or, as in APT cases, intellectual property theft, and on rare occasions, theft of stored data with the intention of redistribution.

 

Physical security is often neglected

While cyber security has gotten a lot of awareness over the last decade, we often find physical security is neglected. What good does a firewall do to protect your data, if someone can walk right in and take the hard drive?

Surveillance equipment can be disconnected, and guards can be socially engineered – so how can we be sure that our implemented defence mechanisms work in a real life scenario?

For example, in 2019 Greta Thunberg and a group of climate activists managed to enter Maersk’s headquarters in Copenhagen, bypassing reception and security measures to stage a protest inside the building. The incident demonstrated how determined individuals can exploit human behaviour, busy entry points, or lapses in procedures to gain access to otherwise secure premises – without the need for hacking or breaking physical locks.

 

What does physical security encompass?

Physical security serves to protect company employees, documents, laptops, workstations, storage drives, servers, assorted valuables and other hard assets.

Traditional protective mechanisms include:

  • Secure doors and door locks
  • Access control systems, commonly using keycards and access codes
  • Alarm and surveillance systems

But there’s a lot more to it which goes unreferenced regarding physical security.

That policy you have about always wearing your keycard visibly? Physical security.
Your policy about laptops always being locked? Physical security.

The culture of asking people for their ID card if they aren’t wearing it? You guessed it, physical security.

 

What can be done?

Each security measure needs to be handled properly and appropriately.

  • Doors must be properly seated into the frame. Hinges properly selected, or seated on the secure side, so they cannot be manipulated.
  • Locks must be well seated into the door and be well selected, so it can’t be picked, combed, raked, bumped or broken.
  • Windows must be closed and seated properly, and old wooden frames with nailed in single panes must be replaced.
  • Alarms must be set on all sides of the secure facility and hooked up and configured properly. When triggered, security should be called immediately.
  • Keycards must be using secure chipsets, mifare classic 1k is too insecure. They should also be worn visibly when at the facility and people should be questioned when it’s absent.
  • Security guards must be well trained and paid to avoid lawsuits and recruitment.
  • Physical documents and laptops should be with employees or secured in a well selected safe.
  • Workstations should be locked when employees are not using them.
  • Surveillance systems should observe key entrances and high risk areas. If cost is a factor, entryways and high valued assets should be prioritized.

 

“I feel like our security is in the top shape – what more can we do?”

Itm8 has their very own “Black Team” as a part of our Professional Services.

A ’Black Team’ is a group of specialists tasked with covertly breaking into an organization by combining their skills and knowledge from both physical security and their technical expertise. By combining these skills and utilizing them, they can simulate real-world intrusions, thefts, or sabotage. Their objective is to identify weaknesses in physical defences, security protocols, personnel response and bypassing access control systems.

 

How do they do that?

With their knowledge and skills from the cyber security field, working as penetration testers, they combine their expertise with their covert access specialist experience, and are able to identify valuable targets, and create attack paths to reach them.
They do this by being able to:

  • Pick locks and open them
  • Open one way secure doors from the outside
  • Disguise themselves and get into the building unassumed
  • Copy keycards, and use them to open doors
  • Elicit information from employees
  • Bypass surveillance systems and abuse their blind spots
  • Plant bugs, cameras and other devices to obtain sensitive information

Using their unique skillset, they can help analyse, evaluate and explain the security challenges that companies face, and demonstrate their skills by gaining access to areas they’re not supposed to be in, and then tell you how they did it. This way, you will be able to implement security measures that correspond with exactly what your company needs. Because physical security implementations are not a “one size fits all”.

You might have unclonable keycards, but that does not protect you, if the service entrance is left unlocked.

If you think your security is in top shape or are unsure of where you might want to improve, call us up. Our black team works night and day to assist our partners with improving their physical security.

Do you want help with Cloud Computing?

You’ve now gained a lot of knowledge – maybe you’ve even found the answer you were looking for. But what’s the next step?

If you’d like sparring or help moving forward, our experienced consultants are ready to advise you. Write to us here, and let’s work together to find the best way forward for you and your business.

Fill out the contact form

Who are we and why can we help you?

It’s right there in our name, itm8 – we’re your IT mate. We’re here to make IT easier for you.

Working with us gives you access to more than 1,000 IT experts and just as many certifications. We’re ready to work closely with you to create solutions that strengthen your business – today and tomorrow.

Udfyld kontaktformularen

Din indsats i dag. Dine fordele i morgen.