Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.

Cybersecurity tends to focus on dangers that appear on networks or in messages. The attackers may be half a world away, so the threat is the only thing that matters. But what happens when the threat actor is walking through the front door or sitting next to you at an airport coffee shop? Firewall rules and DNSSec can have minimal impact on the thief sliding a company-owned laptop into his backpack and walking out the door.

"If we all took our computers, encased them in concrete, and dropped them into the middle of the Atlantic Ocean, nobody would ever steal our data, but it wouldn't matter because our data would be on the bottom of the Atlantic Ocean," says Tim Callan, senior fellow at Sectigo. The challenge, he says, is reconciling physical security with the fact that people need to use their computers and mobile devices for legitimate work.

In 2016, Bitglass reported that one in four breaches in the financial services sector were due to lost or stolen devices, while one in five were the result of hacking. Physical security might not have the glamour of fighting malware writers, but there's no question it's a serious component of any effective data protection program.

So what are the physical dangers to enterprise data? Several, but they tend to echo the dangers to any physical assets an organization owns. As a result, some IT security groups leave physical security to the physical-plant security force, but there are both strategic and technical reasons to involve IT security in protecting both the data on systems and the hardware that surrounds those precious bytes.

After talking with security professionals, querying the security community via Twitter, and looking at major security incidents from the recent past, we've put together a list of seven threats that definitely deserve attention. Protecting systems from these threats takes a combination of user education, behavior modification, and technology, but remedying the problems themselves can make a huge difference in an organization's risk profile.

(Image: Stevepb)

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights