Not All Cyberattacks Begin with a Phishing Attack, Hack or Exploited Vulnerability

• The strongest cybersecurity strategy includes robust physical security, since not all cyberattacks begin with a hack.
• Physical security is a crucial yet often overlooked part of any organization's defense-in-depth approach.
• Improve your physical security and cybersecurity posture with a comprehensive guide that aligns with NIST and ACSC standards.

In a day and age when cyber threats are top of mind, it may be difficult for an organization to shift gears and take its physical security precautions into consideration. This is to protect not only a firm’s physical assets but direct access to networks and information that an attacker could use at a later date for a cyberattack.

To help with this mental reset, Trustwave Security Colony has created a “How To” policy guide that helps organizations establish a defense-in-depth approach to securing their Information and Communication Technology (ICT) environment, specifically, and their facilities overall.

The policy aligns with applicable requirements from the National Institute of Standards and Technology (NIST), Cybersecurity Framework (CSF), and the Australian Cyber Security Centre's (ACSC) Strategies to Mitigate Cyber Security Incidents (collectively known as the 'Essential Eight').

Security Colony is available as a standalone platform or integrated with Trustwave’s Managed Detection and Response (MDR) solution, helping organizations improve their cybersecurity resilience efficiently.

The Basics

Let’s start with the following overarching principles that should govern an organization’s approach to the physical security of its ICT areas. While these may appear obvious, a solid physical defense has to start with these building blocks in place. Such a defense involves the design and operation of physical security controls for facilities, focusing on measures to discourage and prevent unauthorized access, detect such attempts, and activate an appropriate response.

5 Key Requirements for Physical Security

1. Physical Access Control to Premises

• Physical access controls, such as barriers, walls, alarms, and secure doors, must be used to secure and separate areas where systems, facilities, and information are housed.
• Authorized employees should use an access token, such as a key card or PIN, to enter premises and facilities.
• A register of all access requests issued to employees and contractors must be maintained and secured. This register should include a unique identifier for the request, details of the person it was allocated to, and the dates it was issued and returned.
• Install surveillance cameras (CCTV) at all external entry and exit points, as well as in internal areas where sensitive data is processed or stored.
  
  

2. Securing ICT Assets

• Laptops and other portable devices, such as mobile phones, tablets, and external hard drives, must be secured when not in use.
• Organizations must protect ICT equipment from environmental threats and hazards. This includes implementing backup controls, such as Uninterruptible Power Supplies (UPS), to protect against utility disruptions.
• When transporting ICT assets, they must be protected and handled only by authorized personnel.
• Any ICT equipment that will be unused for an extended period should be stored in a secure location.
• Security erase storage media on ICT equipment before disposal or reuse.
  

3. Document Security

• Place physical copies of records in a secure location, such as a locked filing cabinet.
• Physical documents containing sensitive information must be destroyed when no longer needed, in accordance with the organization's Document Security Policy.
  
  

4. Visitor and After-Hours Access

• Upon arrival, the visitor's details, including their name, company, and the name of the employee they are visiting, must be recorded.
• Visitors should be issued a proximity card and be accompanied by an employee at all times. The proximity card must be prominently displayed.
• For after-hours access, employees must obtain pre-approval from their manager and complete the corresponding form. They must also have a work buddy with them on-site.
  
  

5. Network Ports and Wireless Access Points (WAP)

• Physical network ports should be obscured to prevent unauthorized access to internal network resources.
• Unused network ports in publicly accessible areas, such as conference rooms and reception areas, must be disabled.
• WAPs should be out of sight and not easily accessible.
  
  

These guidelines apply to all employees, third parties, and contractors who may visit the premises and be in proximity to the company’s information or systems. Adherence to this standard is crucial for maintaining a strong security posture. A serious breach of these policies may result in disciplinary action, including termination of employment.

Trustwave Security Colony

Trustwave Security Colony is a cybersecurity collaboration and resource platform designed primarily for CISOs and security professionals. It provides access to a vast library of cybersecurity content, including:

• A Comprehensive Resource Library: Access to a vast collection of documents and tools covering various cybersecurity topics, including incident response playbooks, compliance guidelines, security maturity assessments, and more.
• Real-World Insights: Benefit from practical knowledge and experience gained from real-world consulting engagements, ensuring the resources are relevant and effective.
• Enhanced Decision-Making: Make informed decisions based on expert insights and best practices, helping organizations stay ahead of emerging threats.
• Improved Security Posture: Strengthen your organization's security posture by implementing recommended practices and leveraging the provided tools.

These resources are derived from decades of real-world consulting work by Trustwave’s security teams and SpiderLabs researchers.