Data Breach Threats in the Real World: How MSSPs Can Help Mitigate Them
… help develop bioweapons or find vulnerabilities in military equipment. Such data could also be illegally obtained by criminals or hackers then sold to a nation-state,” warned Weil.
7. Enablement of corporate espionage. Forbes reported a data breach that exposed the physical security systems of major hotel chains across the globe. Hotel guests around the world are now vulnerable due to the exposure in that breach of electronic in-room safes, multiple devices that control room locks and elevator access, and other physical security management systems.
“In this latest U.S. Customs and Border Protection Breach, cybersecurity flaws exposed critical facial recognition and license plate data as well as access to (and through) physical security systems that ensure national security and traveler safety,” said ReconaSense co-founder and CTO John Carter, who is a former NASA engineer, SIA board member and Homeland Security Advisory Group chair.
Where MSSPs Come In
The days of treating cyber and physical threats as separate issues are long gone; indeed, there never was a time when information didn’t affect the real world. But as digitalization became a driving force, finding specialized talent capable of protecting that data became a single, intense business focus. Today, it’s smart to reunify the digital and physical realms and treat them as a single attack surface.
“Security teams at high security organizations – such as defense contractors, large financial institutions, government intelligence agencies – consider the above impacts as part of their vulnerability assessments,” says Weil.
“Aside from high security organizations, most organizations don’t consider such impacts. During my 22 years in cybersecurity, it’s been rare for me to see an organization consider such impacts,” Weil added.
MSSPs that do offer a comprehensive approach to security in both the physical and digital worlds offer greater value to their customers; and in turn, realize greater revenue for their own companies. But what specifically should MSSPs consider providing for their clients?
“Educate clients about the increasingly serious physical-world implications that are caused by data breaches. Use real world examples, like the above breaches, to get security teams and executives to think and care about impacts such as blackmail and kidnapping,” advises Weil.
“When performing risk and vulnerability assessments or creating tools used for such assessments, include detailed analysis of vulnerabilities that could result in real world, physical impacts like those discussed above,” Weil added.
MSSPs should also look at using tools capable of creating and maintaining comprehensive situational awareness.
“AI-powered solutions can detect anomalies and identify threats across an entire security infrastructure – IT and physical – before a breach occurs, enabling teams to go beyond managing siloed data and alerts to achieving true situational awareness and rapid response capabilities,” said Carter.