Large organizations, with their complex networks and vast data stores, have always faced ongoing cybersecurity challenges that require sophisticated solutions. But as enterprises continue to embrace digital transformation, security has never been more important. As more assets and processes go online, companies must implement new methods to keep them safe. Part of the answer remains tried-and-true methods, including organizational vigilance and employee education. But the digitization of workplace and facility management means there are now more data sets organizations can leverage to strengthen overall security.
The growing importance of cybersecurity for larger organizations
In a report titled “2023 was a big year for cybercrime”, the World Economic Forum says the global cost of online crimes is set to surge to $23.84 trillion by 2027, up from $8.44 trillion in 2022, based on data from Statista, the Federal Bureau of Investigation, and the International Monetary Fund.
Large companies manage vast amounts of sensitive data, including personal information of customers, proprietary business information, and financial records, making them attractive targets for cybercriminals. A breach can create significant financial losses, reputational damage, and legal consequences tied to cybersecurity regulatory requirements. Effective cybersecurity measures help ensure business continuity, maintain customer trust, and protect against the fallout of cyber-attacks.
Cybersecurity is also important because of the many ways it is interconnected with physical security. As a growing number of companies embrace digitalization, more of their people and processes are online, so they need to be aware of and ready for new challenges.
Common misconceptions about cybersecurity
Improved safety starts with a deeper understanding of what cybersecurity is – and isn’t.
One of the more common misconceptions is that cybersecurity is the exclusive responsibility of the information technology (IT) department. While the IT department plays a critical role, it can’t do it all. Cybersecurity is a shared responsibility, and every department across the enterprise is involved. In fact, every employee has a role to play in protecting the company. For example, employees need to be aware of the latest cybersecurity threats and how to protect themselves from them. They also need to be careful about what information they share online about themselves and the company.
Another common misunderstanding is that cybersecurity is a one-time investment. In fact, it is an ongoing process: the threat landscape is constantly changing, so companies need to keep updating their security measures by implementing software patches, updating security policies, and training employees on the latest threats.
Blurring the lines between physical and cybersecurity
One of the largest misconceptions is that cybersecurity is only about protecting your network and data. While that’s an essential part of the process, it’s only one piece of the puzzle.
Cybersecurity also involves protecting:
· People
· Processes
· Physical assets
For example, a cybercriminal could gain access to your network through a phishing attack, then use that access to steal sensitive data, or even disrupt your operations. They could steal credentials online, and then use them to gain physical access to your facilities. Or, working in reverse order, they could break into a facility to gain easier access to sensitive material through an unprotected onsite terminal.
Again, as companies progress along their digital journeys, the lines between cybersecurity and physical security begin to blur. When your manufacturing plant is full of assets and equipment connected through the Industrial Internet of Things (IIoT), a cyberattack is just as much a threat as someone breaking into the facilities to steal feed stock. When all the cars in your fleet can share their locations through GPS, a skilled hacker is now just as dangerous to your bottom line as a motivated thief with a Slim Jim used to be.
How to strengthen cybersecurity: Existing systems, current best practices
In today’s security landscape, cybersecurity has become a critical concern for large enterprises. With the rise of sophisticated cyberattacks, it is essential for organizations to take proactive measures to protect their sensitive data and infrastructure.
· Conduct regular security audits: Regularly conducting comprehensive security audits is a crucial step in identifying vulnerabilities and potential security risks within your organization. Audits help organizations assess various aspects of IT infrastructure. By identifying vulnerabilities early on, you can take the necessary steps to mitigate risks and prevent potential breaches.
· Implement multi-factor authentication (MFA): MFA adds an extra layer of security to your organization’s systems and data. By requiring users to provide multiple forms of identification, such as a password, a security token, or a biometric identifier, MFA significantly reduces the risk of unauthorized access to sensitive information.
· Educate employees: Educating your employees about common cyber threats, such as phishing emails and social engineering techniques, helps them identify and report potential security incidents. Conduct regular training sessions and awareness campaigns to ensure employees understand their role in maintaining the organization’s security.
· Install up-to-date security software: Regularly updating your antivirus, firewall, and intrusion detection systems ensures that you have the latest protection against emerging vulnerabilities. Additionally, consider implementing a security information and event management (SIEM) system to monitor and analyze security logs for potential threats.
Companies need to follow a different set of steps when implementing new systems.
How to strengthen cybersecurity: New systems, additional data sets
Remember, security isn’t the sole responsibility of the IT department. It’s shared across departments — and often includes third parties. For most organizations, it’s faster, easier, and less expensive to work with cybersecurity partners instead of trying to do everything in-house.
James Carder, Chief Information Security Officer at Eptura, explains how working with a trusted partner helps organizations meet multiple goals simultaneously: “It’s clearly a matter of getting all your boxes checked. Your compliance boxes, your security boxes, all these at a cost that’s significantly less than what it would be for you to buy an on-premises solution and deploy it and secure it and make it compliant.”
But companies that want to maintain a high level of security need to establish processes for choosing and working with software vendors.
Finding a software vendor that can protect you and your data
When selecting a software vendor, it’s essential to conduct thorough research and consider several key factors. First and foremost, evaluate the vendor’s track record in providing reliable and effective security solutions. Look for a vendor with a proven history of success in the cybersecurity industry and a strong reputation for delivering quality products and services.
Another crucial factor to consider is the vendor’s cybersecurity expertise. Assess their technical capabilities, certifications, and industry affiliations to ensure they possess the necessary knowledge and skills to address the specific security challenges large enterprises encounter. Look for vendors that employ experienced cybersecurity professionals and invest in continuous research and development to stay ahead of threats.
Data privacy policies and compliance with industry standards are deciding factors. Carefully review the vendor’s data handling practices, privacy policies, and security measures to ensure they align with your organization’s data protection requirements. Look for vendors that are transparent about their data usage and adhere to industry-recognized security standards.
For American government agencies, the FedRAMP marketplace simplifies the process of finding solutions.
“You actually are building an information system for federal government use and the government is authorizing that system for use for federal data,” explains James Masella, Vice President of Compliance Advisory Services at Coalfire, a provider of IT security assessments for many security standards and payments frameworks and programs, including FedRAMP support.
After passing an extensive audit process, vendors join the FedRAMP marketplace, where agencies can easily find and procure services without having to do additional research or due diligence. So, Department of Homeland Security (DHS), Department of Defense, or healthcare organizations including the Centers for Medicare & Medicaid Services (CMS), for example, can purchase products from vetted vendors while reducing the costs associated with designing, deploying, and maintaining IT.
In the end, a proactive approach to finding cybersecurity partners is essential for private enterprises and government agencies that need to protect assets, maintain trust, and ensure continuity in the face of evolving threats.
Leveraging additional data sets to improve overall security
As the lines blur between physical and cybersecurity, there are opportunities for facility managers to work with IT departments and third-party software providers to increase security.
Traditionally, organizations set up three distinct, siloed technology architectures at a facility:
· Cybersecurity
· Physical systems
· Integrated workplace management system (IWMS)
Cybersecurity architecture can include workstations, firewalls, virtual private networks (VPNs), and other security appliances. Physical system architecture includes combinations of cameras, badge readers, door sensors, and fire detection and suppression systems.
A modern facility management architecture includes a robust feature set, with systems for asset tracking, desk and room booking, visitor management, occupancy and utilization tracking based on sensors and Wi-Fi logins, space planning, and move management. Added to these data sets are ones from IIoT assets and equipment as well as operational technology (OT), hardware and software that detects or causes changes by directly monitoring assets, processes and events.
Using all this captured data, organizations can create baselines for specific activities. Strong deviations suggest security breaches the appropriate teams can quickly investigate.
For example, a company can create occupancy and utilization baselines from sensor, desk and room booking, and visitor management system data. They might see trends in line with those from Eptura’s collection of Workplace Index reports, where employee behavior creates a midweek mountain. Or they might find their facilities fall outside industry trends.
Digging deeper into the data, they can look at trends for specific controlled-access doors, especially those for server rooms or other locations housing sensitive equipment or information.
How many times a day on average do employees access that space? Is access more common in the morning, afternoon, or after hours? Is there a day when the door tends to see more traffic? Also: How often is access denied? Are there a lot of employees accidentally swiping their badges there?
Once they have these baselines, they can monitor for deviations. A sudden uptick in access on days or at times with traditionally fewer people around suggests the possibility of covert activity. A sudden increase in the number of access denials could mean someone is carefully cycling through a collection of stolen badges to find one that works.
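The sketch below is an added example, not code from Eptura or any vendor named here, showing one way to turn the door-access questions above into a baseline and a deviation check. The event format `(timestamp, door, result)`, the `server-room` door name, the sample traffic, and the three-sigma threshold are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def hourly_counts(events):
    """Count badge events per (door, result, date, hour)."""
    return Counter((door, res, ts.date(), ts.hour) for ts, door, res in events)

def build_baseline(events, days):
    """Mean and std-dev of hourly counts per (door, result, weekday, hour).
    Days in `days` with no events for a slot count as zero."""
    counts = hourly_counts(events)
    baseline = {}
    for door, res, hour in {(d, r, h) for d, r, _, h in counts}:
        by_weekday = defaultdict(list)
        for day in days:
            by_weekday[day.weekday()].append(counts.get((door, res, day, hour), 0))
        for wd, samples in by_weekday.items():
            baseline[(door, res, wd, hour)] = (mean(samples), pstdev(samples))
    return baseline

def find_deviations(baseline, events, z=3.0, sigma_floor=1.0):
    """Flag hours whose count exceeds mean + z * max(std-dev, sigma_floor).
    Slots never seen in the baseline are treated as mean 0."""
    alerts = []
    for (door, res, day, hour), n in sorted(hourly_counts(events).items()):
        mu, sigma = baseline.get((door, res, day.weekday(), hour), (0, 0))
        if n > mu + z * max(sigma, sigma_floor):
            alerts.append((door, res, day, hour, n))
    return alerts

def normal_day(day, door="server-room"):
    """Constructed sample traffic: weekday grants at 09:00 and 14:00, one Wednesday denial."""
    if day.weekday() >= 5:
        return []
    at = lambda h: datetime(day.year, day.month, day.day, h)
    ev = [(at(9), door, "granted")] * 2 + [(at(14), door, "granted")]
    return ev + ([(at(9), door, "denied")] if day.weekday() == 2 else [])

# Constructed data: four baseline weeks, then one observed week with two anomalies.
start = datetime(2024, 1, 1).date()  # a Monday
base_days = [start + timedelta(d) for d in range(28)]
week = [start + timedelta(d) for d in range(28, 35)]
observed = [e for d in week for e in normal_day(d)]
observed += [(datetime(2024, 2, 4, 2), "server-room", "granted")] * 4   # Sunday 02:00
observed += [(datetime(2024, 1, 30, 14), "server-room", "denied")] * 6  # denial burst
baseline = build_baseline([e for d in base_days for e in normal_day(d)], base_days)
ALERTS = find_deviations(baseline, observed)

if __name__ == "__main__":
    for door, res, day, hour, n in ALERTS:
        print(f"{day} {hour:02d}:00 {door}: {n} x {res}, above baseline")
```

The `sigma_floor` keeps a single stray swipe in a normally quiet hour from raising an alert; tune it and `z` against real badge data before routing alerts to a team.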
Connect, network, and learn at GSX with Eptura
Right now, security is top of mind for many, with experts coming together for Global Security Exchange (GSX) 2024, September 23-25. The annual event includes the top tier of the worldwide security industry, and features opportunities for education and networking.
Eptura’s Richard Noel, Director of Security Operations & Infrastructure, will be presenting with Zack Rowland, Manager of Security Operations & Infrastructure, on the key security strategies for workplace decision-makers. They’ll cover the most important trends in security, the biggest challenges facing the industry, and then share concrete steps companies can take to improve overall security.
Join us at Booth 1948 to learn more about our integrated, cloud-based worktech platform packed with robust feature sets for workplace, facility, and maintenance management, including occupancy sensors and visitor management.