Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Let’s Get Physical with Security Requirements

Not every criminal illegally entering a business is looking to steal cash, equipment, or merchandise; some are looking to take something a bit more ephemeral. This scenario is particularly true for organizations, such as offices, insurance offices, or law firms not traditionally targeted by your everyday, run-of-the-mill burglar. The threat actors are out for information, giving them access to the organization’s network, which can lead to serious damage.

Adding to the problem is that as organizations continue to struggle with the growing number of cyberattacks, the focus on physical security has dwindled, catching many organizations unprepared.

While threats such as ransomware, social engineering, unsecured cloud computing configurations, and network vulnerabilities remain important challenges for cybersecurity teams, the threat of an unauthorized person walking into an unlocked office and stealing or accessing IT devices is equally significant and yet, underestimated.

A stolen device or unauthorized access can have far-reaching consequences for businesses. Without proper attention to physical security, tracing the perpetrator or preventing such attacks can be difficult.


Keeping Up with the Times

With so many fluctuations between physical premises, hybrid, remote working, and digital transformation supporting these changes, it’s not surprising that some organizations haven’t evaluated and enhanced their existing physical security measures as they have with cybersecurity. However, the risk is still present, so organizations should act immediately to review and, where necessary, improve their physical security measures to ensure they’re protected across all risk factors.

Physical security focuses on designing and implementing measures that prevent unauthorized physical access to an organization’s premises and resources. It’s a cornerstone of a comprehensive ‘defense in depth’ approach to securing an IT environment.


A Solid Defense Starts at the Front Door

The concept of ‘defense in depth’ looks at how security vulnerabilities can be exploited, from hardware and software to human factors. Cybersecurity professionals understand that depending on a single control measure is risky. Layered controls ensure that if one is compromised, it doesn’t mean disaster for the entire system. This mentality should extend to the entire physical organization.

Of course, digital protection measures such as antivirus software, secure gateways, firewalls, and virtual private networks (VPNs) remain crucial. Incorporating advanced digital strategies such as machine learning to monitor for behavioral anomalies provides an added layer of security.

Leadership teams should also assess whether similar approaches have been applied to address any physical vulnerabilities. For example, a combination of manned entry points, locked facilities, cameras, and security alarms offers robust protection. It’s unlikely that a physical intrusion will occur simply to steal a laptop. Instead, these malicious actors commonly look for a way to access data or install malware inside the organization’s physical perimeter, where some protections may be lacking.


Pen-Testing-PromoIdentify threats, vulnerabilities, and cybersecurity risks with Trustwave's Penetration Testing.


Bad Guys Like to Keep it Simple

The most devastating and stealthy approaches are often very simple. For example, a threat actor does a quick LinkedIn search and identifies the top sales executive of an organization. Armed with their name and pretending to have a lunch appointment, they approach the receptionist, asking for directions to that employee’s workstation.

Once granted access, they could potentially gain entry to server rooms, IT storage areas, or network closets. Without effective physical security measures to stop them, this unaccompanied and unauthorized individual could cause widespread damage. By the time the damage is apparent, the threat actor is long gone.


The Magical Usefulness of Locks

Organizations don’t necessarily have to invest in expensive cameras and alarm systems or employ an army of security personnel. They can take several basic hygiene measures immediately to lower their physical security risk without adding significant cost.

For example, locking all IT devices, from laptops to USB drives, in a secure storage space so that valuable data can’t be accessed can prevent many attacks. This extends to networked printers, which should be locked away as they can be vulnerable when left in publicly accessible areas. Similarly, network ports and wireless access points should be hidden from plain view and disabled in public areas to prevent unsanctioned access.

Finally, staff should securely erase storage media such as hard drives, USB drives, or any device with onboard storage before disposal or re-use by the NIST 800-88 Revision 1 Secure Deletion and Disposal Standard.

As the boundary between the digital and physical worlds becomes increasingly blurred, adversaries quickly exploit vulnerabilities wherever they find them. A multi-dimensional, multi-layered defense strategy is critical. By bridging the gap between cyber and physical defense, organizations are better equipped to face an ever-evolving threat landscape.


A version of this article originally appeared in Security Brief Australia.

Latest Trustwave Blogs

Why Vulnerability Scanning is an Offensive Security Program’s Secret Weapon

Knowing what you don’t know is the key to keeping an organization safe and the best method of doing so is with an offensive security approach that includes vulnerability scanning. By being proactive...

Read More

Upcoming Trustwave Webinar: Maximizing the Value of Microsoft E5

Many organizations license Microsoft 365 E5 to obtain its productivity features, which makes perfect sense because that is what the tool is known for. However, E5 also shines in the security realm...

Read More

Comparably Honors Trustwave with Leadership and Career Growth Awards

Comparably, the leading workplace culture and compensation monitoring employee review platform has recognized Trustwave with two major awards: 2024 Best Companies for Career Growth and 2024 Best...

Read More