There’s no sign that the frequency and scale at which cyber-physical risks occur will decline anytime soon. These risks, which originate in either the cyber or physical domain, can have ramifications in the other.
One recent example is the ransomware attack on Change Healthcare, which had a devastating effect on the U.S. healthcare industry and illustrates how a cyber event can significantly impact the physical world. And although the CrowdStrike outage in July was not a result of a cyber attack, its damage on the physical world was far-reaching. Operations of hospitals, airports, payment systems and personal computers around the world were brought to a halt.
It’s important to remember that cyber-physical attacks can happen in any industry, with the most targeted being those deemed critical infrastructure, such as energy, financial services, healthcare, manufacturing and transportation.
This calls for all organizations—whether a small-to-medium business or a multinational enterprise—to have a robust understanding of cyber-physical security convergence and adopt the right strategies and technology to effectively tackle the increase in cyber-physical risks.
A Conversation With Amtrak CISO on Cyber-physical Threats
8 Questions to assess your cyber-physical security convergence readiness
To effectively and efficiently mitigate cyber-physical threats, you should first assess your preparedness to handle such risks. Refer to the following questions for your evaluation.
- Are you engaging with all internal teams to understand the full scope of digital connectivity and associated vulnerabilities?
- Is there a review system in place whenever new technology is developed or contracted to ensure it meets your organizational standards and does not undermine security?
- Is there strong collaboration between your cyber and physical security executives?
- Are you educating leadership about potential cyber-physical risks at regular intervals and running scenario planning exercises outlined in a shared playbook?
- Is your budget adequately allocated to address both cyber and physical risks?
- What processes are in place should a cyber risk become a physical risk or vice versa?
- Is cyber-physical security convergence a priority for senior management and the board?
- Does your security operations operate through a holistic lens, incorporating all potential areas of threats: cyber, physical, reputation, operations, legal, human resources, etc.?
By having the right security approach and technology, organizations will be better positioned to defend against cyber-physical attacks.
Dataminr Guide to Cyber-physical Security Convergence
Download the guide to gain a deeper understanding of cyber-physical threats and learn best practices for mitigating them.
Download GuideAre You Prepared for a Cyber-physical Attack?
Top security leaders share first-hand experiences and strategies for managing and staying ahead of cyber-physical risks.
Learn More