Protecting Data is Critical
Physical security and cybersecurity converge
To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet.
There are smart fridges, smart toasters, thermostats, etc. Companies are even connecting things like belts and (I can’t believe I’m not making this up) beehives to the internet. Sometimes the benefits are clear. Other times, not so much. But in all cases, the increased use of connected devices has thrust cybersecurity even further into the spotlight.
Connected devices are hardly new to the security industry — IP cameras have been around for more than 25 years. But as network cameras grow both more advanced and more accessible to a broad range of businesses, the line between physical security and cybersecurity has grown increasingly fuzzy. Any connected device represents a potential entry point for a would-be attacker, and cameras, audio sensors, access control stations, and other physical security devices have become common targets for adversaries.
Fortunately, this is not happening in a vacuum. Device manufacturers, application developers and government regulators have all taken note of the growing convergence of physical and digital security, and several trends are now emerging that point toward stronger devices security in the future.
NIST CSF Updates Focus on Improving Governance
Last year, the National Institute of Standards and Technology (NIST) made it known that the organization was reevaluating its cybersecurity framework (NIST CSF). In late February, the updates to the framework became public, and organizations are now working to understand what NIST CSF 2.0 means for their security practices.
It is important to note that NIST CSF is not a government regulation — which is to say, there is no penalty for noncompliance. Rather, NIST CSF is a voluntary framework that organizations can use to measure the maturity of their security program, complete with tips and recommendations for how certain areas of security can be strengthened.
NIST is not the only organization to publish security recommendations — advisory groups like MITRE and OWASP have freely available guidelines of their own, and frameworks like SOC 2 and ISO 27001 have become all but mandatory for organizations that manage significant amounts of data. But NIST CSF is considered to be the most widely used framework, with a recent study finding that nearly 50% of businesses map their security controls to the recommendations outlined in the framework.
Traditionally, NIST CSF has focused on five core functions: Identify, Protect, Detect, Respond and Recover. While important, those functions are primarily aligned with incident response, which meant there was not really a way for security teams to customize their approach according to their specific circumstances, such as industry, company size or program maturity.
This article originally appeared in the May / June 2024 issue of Security Today.
This post was originally published on 3rd party site mentioned in the title of this site