The convergence of physical and IT security

“The age of IoT and AI means that physical and IT security are no longer separate domains. Instead, everything is connected, and you need to converge your security leadership, teams, capabilities, and technologies to navigate the evolving risk landscape,” said Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA.

Until recently, physical and cybersecurity domains were separate from one another. Security teams, access control systems, and CCTV systems were used to physically secure buildings – from data centers to factories and warehouses. And IT teams looked after IT and network security with firewalls, anti-virus software, and data encryption technologies.

But as organisations have forged ahead on their digital transformation journeys, innovative technologies such as IoT and AI have blurred the lines between physical security and cybersecurity: a trend that’s set to continue long term.

Why IoT is increasing your physical and IT ‘attack surface’

When thinking about your overall security strategy, consider that your security cameras and other security infrastructure are now ‘IoT devices’ that are connected to the network. This gives criminals and hackers a much larger ‘attack surface’ for their activities, with multiple ways into your organisation.

For example, hacking or otherwise accessing a network-connected camera or other device can allow criminals to override physical security controls and enter restricted areas or buildings. Equally, hackers who can breach IoT devices on the network may be able to disrupt critical systems, steal data, install ransomware, or otherwise compromise your company’s operations.

Physical break-ins also pose major cybersecurity risks

Equally, criminals who manage to circumvent your physical security infrastructure can also gain access to IT equipment and systems housed in restricted buildings. This means they can extend the impact of their localised attack across the length and breadth of your network, causing untold damage and disruption in the process.

This is especially the case where server rooms are left open or unlocked within a building. The mission-criticality of the network, and the sensitive data stored in connected systems, means that much stronger security is needed for these kinds of facilities to ensure they are never accessed, even if intruders breach your building defenses.

Here are some examples of how physical threat vectors can compromise digital security:

– An infected USB drive is planted in a parking lot, lobby, etc., which an employee picks up and loads onto the corporate network.

– An attacker breaks into a server room and installs a rogue device that captures confidential data.

– An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together.

– An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system.

The most well-known example of an attack on physical systems followed by an attack of IT systems is the hack on the retail giant Target in 2013. The attackers used an HVAC vendor’s credentials to compromise the network and ultimately the point of sale (POS) systems of this company. The attackers ‘entered’ the company via the Heating, Ventilation & Air Conditioning (HVAC) systems and managed to compromise several millions of credit cards of Target customers, which caused the resignation of the CIO and CEO of Target.

 

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Hikvision

Hikvision Introduces X-ray Baggage Inspection System

Hikvision India has recently introduced X-ray Baggage Inspection System with AI- enabled Intelligent Recognition Capabilities…
Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
Scroll to Top