We have all heard of cybersecurity, it’s in the news almost daily, but you may not have heard of security convergence. But that’s OK, few people have. But what is it? What does it mean to your business?
Security convergence refers to the combination of the traditional elements of security- physical security, information security, and cybersecurity. A business is nearly always secured using these three security functions, but increasingly the lines between the three are becoming blurred.
For example, most access control systems are connected to the internet and/or your company network. So, although securing a door is traditionally thought of as physical security, it requires some form of cybersecurity and information security to secure that door effectively.
Equally, physically accessing a building or computer is a sure way around most cybersecurity defenses.
Scott Borg, Director of the U.S. Cyber Consequences Unit, has recently said:
“As long as organisations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organisational level.”
What does that mean for the way you operate?
In short, it means that you must stop thinking about protecting parts of our business in isolation. When considering how to protect your business assets, you must consider all the threats against it, physical threats as well as digital threats, before you can start protecting them properly.
By introducing security at the very top of your business planning, you will be able to deal with security issues holistically. Highlighting issues early, you can plan to mitigate the risks in a collaborative way rather than in isolation, which in turn, will drive down the costs of protecting your business.
What can you do now?
Understanding your business assets, whatever form they take, is key. A business asset is more than what the business ‘owns’, it is whatever the business needs to create, deliver or sells its product or service. Identify the threats that the business assets face. Whether it is a cyber threat or a physical threat, it is vital you write them all down so that you know what you are trying to protect against.
Think about the impact and likelihood of an incident happening. What would be the impact on your business if one of these threats were to materialise, how would your business cope? By identifying the impact and likelihood, you can start to prioritise what needs doing first.
And lastly, don’t assume your IT department is taking care of it. Cybersecurity is a different skill set for most IT professionals, so make sure you are asking the right questions. As a bare minimum, they should be talking to you about Cyber Essentials.
If you would like any further information or help, please get in touch. We are more than happy to help. At the end of the day, good business security is good for ALL business.