Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Creating a Physical Security Standard for Your Company

Cybersecurity is the pressing concern most organizations face when it comes to securing data, but not every hacker launches an attack from thousands of miles away; sometimes, the threat can walk right in through the front door to gain access to your IT system.


Adversaries are not shy about using a more direct approach, which is why an organization should not overlook its physical security plan. Generally speaking, physical security involves designing and operating physical security controls for premises, largely through implementing measures to discourage and sufficiently prevent unauthorized access, as well as measures to detect attempted or actual unauthorized access and activate an appropriate response.


Physical security is a key component in any organization's defense-in-depth approach to securing its IT environment. Insufficiently secured premises can lead to damage, theft, unauthorized access, or modification of IT assets.


One of the many resources available through a Trustwave Security Colony account is a step-by-step methodology to check if your organization is taking basic precautions.


Defending Against All Methods of Attack


Utilizing a defense in depth is a common practice for cybersecurity teams. Still, it's also important in the "real world," where an unlocked door or easily accessible computer can lead to disaster. Using 'layered' controls so that the compromise of any single control won't result in catastrophic failure or loss.


In cybersecurity, defense in depth tackles the security vulnerabilities that arise not just from hardware and software but also from human factors, given that security breaches are frequently a result of negligence or human mistakes. Classical safeguards for corporate networks, like antivirus software, firewalls, secure gateways, and virtual private networks (VPNs), undeniably retain their importance in a defense-in-depth approach.


Nonetheless, more advanced techniques, including the application of machine learning (ML) to identify irregularities in employee and endpoint behaviors, are currently being employed to establish the most robust and comprehensive defense strategy.


A hardened physical defense means manned entry points, locked doors, and alarmed gates at different levels of the perimeter is an example of such layers and using proven industry standards and frameworks where possible with this policy informed by ISO27001:2013 7 Physical and Environmental Security and COBIT.


The Unguarded PC as an Entry Point


A cyber threat actor is likely uninterested in gaining entry to a building just to steal something, this individual wants access to what is behind the curtain, and an easy way to obtain this is by using the target's own computer system.

This means an organization must use physical access controls to secure and segregate areas where systems and information are housed.


Here is a normal yet potentially dangerous scenario. A quick LinkedIn search finds the name of a person working at XYZ Inc. Armed with this name, a threat actor walks up to the reception area and says he has a lunch date with that employee, and could the receptionist point out where the person sits? If the receptionist does so, this supposed friend now has access to the following:


  • The office space and its workstations
  • DC/Server Rooms
  • Wiring and Network closets
  • Control Rooms and equipment
  • IT Build and Storage Areas.


The moral of this story is the human element is not only weak when it comes to falling for phishing attacks, so teach everyone to always be on guard.


Protecting IT Equipment from Intruders


It's a bit of a no brainer, but often the obvious is easily overlooked. IT equipment must be stored securely. Staff who use laptops must take that device with them when they leave the premises or secure them using lockable drawers or cable locks. Other portable devices like mobile phones, tablets, USBs, and external hard drives must be locked away when not in use.


Even the ubiquitous printer, which is almost always connected to the network, should be placed in a controlled access area, away from spaces open to the public or visitors.


Information assets (computers, network devices) should never be removed from the premises without the device owner's explicit permission.


Combination locks, if used to store IT equipment, must meet the following requirements. Guess what? An old-fashioned combination lock is really no more than one more password-protected layer of defense.


So, just as users must regularly change network passwords, the same holds true for this style of lock. Buy locks with adjustable combinations, or simply buy a new lock when needed.


Network Ports and Wireless Access Points must be sufficiently obscured, so install them out of immediate sight. Leaving them exposed increases the risk of unauthorized devices or individuals accessing internal network resources. Another good move is to disable network ports in public areas and areas accessible to visitors.


IT equipment also must be protected from environmental hazards, interference, and disruption. 

For example, staff should store IT equipment in a secure location where the risk from environmental threats and hazards is minimal. Segregate power and telecom cabling to protect from interference, and label cables clearly to avoid accidental damage.

Implement security/backup controls to protect equipment from disruptions caused by the failure of utilities (power, A/C, telecom, etc.). All data centers and critical operations areas must have appropriate controls to mitigate the risk of fire, water, heat, or power loss risks.


Let's Get Physical


Keeping equipment safe does not end there. Companies move, acquire new office space, or staff starts to work remotely. This activity means equipment will be moved about and must be transported securely. 


When assets containing company information are physically handled and transported to and from different geographic locations, those assets must be protected in transit, and only handled by authorized persons during transport.


Device storage is also an issue. Even when unplugged and gathering dust in a closet, a computer retains its valuable information. So, any IT equipment that will be unused for an extended period must be properly secured.


Finally, staff must securely erase storage media such as hard drives, USB drives, or any device with on-board storage prior to disposal or re-use in accordance with the NIST 800 88 Revision 1 Secure Deletion and Disposal Standard.


The Takeaway


It's imperative that an organization's information security posture encompasses not only digital defenses but also the physical security measures that safeguard its assets from real-world threats.

As the digital landscape evolves, adversaries seek vulnerabilities in both virtual and tangible domains.


Recognizing that data breaches can occur through physical means and cyberattacks, it becomes evident that a comprehensive defense strategy requires a multi-layered approach. Just as the principles of defense in depth are vital to cybersecurity, so are they integral to physical security. 


By establishing robust access controls, employing industry standards and frameworks, and implementing best practices such as those outlined in ISO27001:2013 and COBIT, an organization can bolster its cyber and physical defenses.




Latest Trustwave Blogs

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the...

Read More

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of...

Read More

Behind the MDR Curtain: The Importance of Original Threat Research

Searching for a quality-managed detection and response (MDR) service provider can be daunting, with dozens of vendors to choose from. However, in its 2023 Gartner® Market Guide for Managed Detection...

Read More