Effective security programs need to focus on convergence of human, physical and digital security

Digital and physical security breaches are costing US companies more than $50 billion every single year. Many of these incidents happen because organizations adopt a one-dimensional security approach. This type of approach is inherently flawed. An effective security plan addresses risks and threats that come from fundamentally different places. The overlapping of threats is known as security convergence. The three converging or overlapping areas are human, physical, and digital. The following example demonstrates what happens when an organization ignores convergence.

In October 2008, an elite NSA team noticed a mysterious outgoing signal from within the US military’s classified computer network. The team eventually discovered that the signal originated from a program that had burrowed itself deep into the secure network. This server held a trove of classified US military information and intelligence. The program was quietly sending the classified information to an unknown third party. This was the largest digital security breach in the history of the US military. Despite the network having some of the most sophisticated security software in the world, the program had free rein. It had made its way on to thousands of classified systems and it took the NSA months to extract it. Eventually, the NSA discovered how the program was introduced to the server.

Getting the program on to the server did not require advanced technology or secretive hacking. In fact, it was much more simple. It is theorized that malicious actors left an “infected” USB thumb drive in the parking lot of a Department of Defense (DoD) facility in Kabul, Afghanistan. A DoD employee picked up the thumb drive and plugged it in to a computer on the secure network. From there, the program rapidly multiplied and infected every computer it could reach.

The breach became known as “Operation Buckshot Yankee”. It is still one of the largest digital security breaches in US military history. The security approach took in to account only one dimension: digital. It failed to account for the overlap of another dimension: human. The malicious actors Buckshot Yankee exploited the human element to completely bypass the incredibly sophisticated security software. The security plan employed by the US military fatally ignored convergence.

A holistic security plan employs a convergence-centric approach to security.

Understanding convergence is essential because security incidents are almost never one dimensional. The best digital and physical security systems in the world mean nothing if the humans operating those systems are not properly trained. Likewise, proper training can only go so far if the people aren’t materially equipped with the proper physical and digital security technology. The danger posed by a security approach ignorant of convergence is very real. A survey of over 4,100 organizations found that around two out of every three organizations suffered some kind of cyberattack. Despite this, less than three out of ten of those organizations had any kind of plan to address digital security threats.

Creating a holistic security plan is the first step in protecting you or your organization. Security companies, like Freedom Consulting, LLC, employ a convergence-centric approach to security. A convergence focused approach will ensure that all three dimensions are taken into account.  Freedom Consulting LLC is committed to assessing your corporate risks, threats and vulnerabilities across all three elements.  To schedule a security risk assessment or to speak with one of our security professionals please visit our contact us form or email us at: info@freedomconsultingservices.org