The Importance of Physical Security

See how information security in the physical realm and the protection of computer networks are both crucial to keeping your data secure.

1/22/2024 · 2 min read

Before we begin, I would like to provide a brief introduction to why I am discussing this topic. I am currently a postgraduate student in the field of information security. However, before I started studying, whenever I researched security topics, I came across dozens of articles about Blue Team and Red Team. Physical security, on the other hand, seemed to be overlooked.


How does physical security impact cybersecurity?

And this is the first question I want to address in this post. As important as it is to understand the concepts of Blue Team and Red Team, have an incident response protocol, and conduct vulnerability analyses and pentests, we also need physical security.

Considering the worst-case scenario, it's of no use to have all these aspects in place if our physical security is lacking. Think about it: what's the value of investing in all these methods to keep data secure if an attacker can gain access to our infrastructure? With access to the hardware, there isn't much that can be done for data security, except encrypting the data.

So, what are the main physical vulnerabilities that exist?

Without further ado, I'll mention some of the main physical vulnerabilities that exist.

  • Unauthorized access

  • Lack of monitoring

  • Perimeter protection


These are the three main vulnerabilities. They are quite self-explanatory, but I'll comment a bit on each of them. Unauthorized access is when anyone can enter the data center, even if they are not authorized to be there. This vulnerability usually exists if the other two are not properly mitigated.

Regarding the second one, lack of monitoring, we should record all accesses to restricted areas via security cameras and back up these recordings. And of course, we can't just have security cameras without someone to monitor them; with the advancement of technology, there is AI (Artificial Intelligence) capable of performing these tasks.

Lastly, I listed perimeter protection. To mitigate this vulnerability, it will be necessary to restrict access to the data center or restricted area. Methods will vary depending on the company and its size, but to give you an idea: a specific room for servers is required (always locked), and access to the room can be controlled using badges, biometrics, tokens, etc.

But what about social engineering?

Keen observers may have noticed the absence of social engineering. This vulnerability does exist and is the one most commonly used by attackers in various types of attacks. It has some peculiarities, mainly that it doesn't aim to exploit digital vulnerabilities but rather human ones.

Let's do an exercise again. Think about this: if the environment is secure, has defined processes for incident response, has a cybersecurity team, and conducts regular vulnerability analyses, what is the weakest link in this equation? If you answered people, you're correct. A well-configured system is unlikely to be exploited without the aid of social engineering.

For this reason, employee awareness is essential. To achieve the necessary maturity, various techniques can be employed, such as training, lectures, and even simulations. This way, employees will have the necessary knowledge to avoid exposing data or allowing unauthorized individuals into the perimeter.

Conclusion

As we have seen, physical security is as necessary as the other areas of security. A single vulnerability is enough for a malicious actor to succeed in their attack. Going a bit beyond physical security, we must remember that there is no system that is 100% secure. Hence the importance of keeping all systems and processes up to date.