Strengthening the backbone: the role of physical security

Certis

By Steve McSweeney, Director of Strategic Accounts at Certis Security
Thursday, 19 October, 2023



More than one in five businesses experienced a cybersecurity attack in the 2021–22 financial year, compared with fewer than one in 10 through 2019–20, according to recent ABS data.

This alarming lift indicates a need for mitigation against attacks and data breaches. New measures and government-backed bills were introduced in 2023 to protect digital property and ensure businesses that host data are doing their part to deliver a multi-layered best practice approach to risk management — or risk paying the price.

The great technology shift

Technology is shifting rapidly, requiring businesses to do the same and stay ahead of criminal attacks. Across ANZ, security has become an increasing priority for public and private sectors due to a series of high-profile attacks and breaches. What is less reported, however, are the smaller and lesser-known organisations that also face major attacks but are potentially less prepared for the outcomes.

By using real-time data and establishing a culture of security across all levels of the business, organisations can proactively address and mitigate potential problems before they develop.

High-profile attacks, including last year’s Optus breach, inevitably lead to discussion on Australia’s data security policies, assessments and the rules organisations must use to handle them. As reported on the ABC’s 7.30 program at the time, Minister for Home Affairs Clare O’Neil said the Optus breach could have been avoided. She suggested the attack was “basic” in its nature and went on to claim that Optus “left the window open” for cybercriminals.

Ultimately affecting 9.8 million customers, the breach changed how major businesses are expected to protect the critical infrastructure they develop and maintain, both digitally and physically. Optus faced considerable repercussions including fines and a class action lawsuit, in addition to loss of loyalty and reputational damage — an impact with long-lasting effect, with the brand named as Australia’s least trusted according to a Roy Morgan Research study released in June 2023.

These attacks highlight the importance of overhauling security strategies to mitigate threats by strengthening all aspects of critical infrastructure protection, including both physical security and cybersecurity.

Revision of the rules and requirements

The Department of Home Affairs is the lead Australian Government agency responsible for the Critical Infrastructure Centre. It manages the Trusted Information Sharing Network (TISN) — an environment where businesses and government can share learnings and information on critical infrastructure vulnerabilities and techniques to mitigate risk.

The high-profile attacks of recent months placed even greater emphasis on infrastructure security, leading to the development of the Australian Government’s 2023 Critical Infrastructure Resilience Strategy. The strategy comprises a policy statement and a plan for practical implementation, with the aim of ensuring the continued operation of critical infrastructure in the face of all hazards.

The five-year strategy was developed by the Cyber and Infrastructure Security Centre (CISC) and the critical infrastructure community to guide Australia’s critical infrastructure interests from 2023 to 2028. It recognises and recommends that successful threat mitigation — both online and off — requires a cyber resilience strategy that encompasses all areas, including physical security.

Physical security contributes to the strategy by improving security onsite, which mitigates vulnerabilities and risks. By increasing ground security, heightening use of access controls and physically stopping unauthorised personnel from gaining access to restricted equipment, businesses can reduce the repercussions of reputational damage, loss of trust and lawsuits, before attacks occur.

Creating a digitally supportive culture with the help of a third party

Third-party providers are valuable sources for organisations to gain a holistic understanding of the critical infrastructure bill. They provide expert guidance on compliance with regulations, rules and guidelines, to create a stronger risk management program. The objective of a third-party provider is to collaborate with you to ensure all resources have been successfully delivered to mitigate organisational risk. They do this by providing access to real-time data for organisations to gain a holistic view over all security operations, including access control information, CCTV recordings, physical guarding and complete business operations.

Greater visibility through advanced technology means the security solution can proactively identify risks, address issues more quickly and prevent them from arising.

Partnering with a specialist who understands the pivotal role of physical security in strengthening cybersecurity plans is paramount. They can take direct control of the physical security of an organisation and create a systemised schedule of guarding routines to ensure all areas of a site are protected. This leaves you with peace of mind in the knowledge that your data is secured onsite, allowing you to focus your efforts on your core business.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd