As the world becomes more interconnected, disparate systems and divisions are becoming more vulnerable to security threat. Security leaders who operate in silos lack a holistic view of security threats targeting their enterprise, so when it comes to risks like exposure of proprietary information and economic damage, it’s no longer a matter of if…but when.
In fact, the US government recently sounded the alarm on the evolving threat landscape. The Cybersecurity and Infrastructure Security Agency (CISA)—which essentially acts as the quarterback for the federal cybersecurity team and helps to secure the nation’s critical infrastructure against threats—wrote about the importance of conversion in their latest playbook.
The Cybersecurity and Infrastructure Security Convergence Action Guide dives into the complex threat environment created by disjointed cyber-physical systems, and the impacts this has on organizations’ security functions. More importantly, it provides a framework that organizations can use to adopt a holistic cyber-physical security approach (…more on that in a few).
But what exactly do they mean by convergence? In their words, convergence is a formal collaboration between previously disjointed security functions. Below is a CISA diagram that visualizes the increasingly interconnected cyber-physical systems of our critical infrastructure, thus creating a complex threat environment that requires a holistic cyber-physical security approach.
Image Credit: The Cybersecurity and Infrastructure Security Convergence Action Guide 2021
Big move. Small steps.
Organizations of all sizes and across all industries can get closer to convergence by creating an approach that’s tailored to their unique needs. Below is CISA’s framework for developing a holistic security strategy by fostering communication, coordination and collaboration:
Image Credit: The Cybersecurity and Infrastructure Security Convergence Action Guide 2021
Let’s put it in perspective: Back in January 2019, a large U.S. energy company faced major financial consequences when an internal probe revealed 127 security violations that ended up costing the company millions, all stemming from non-compliant security practices and lack of collaboration across organizational units. But they course-corrected by increasing oversight, restructuring roles, hosting discussion panels on best practices, adding resources to manage new efforts, and improving systems to track access and vulnerabilities.
But if you ask us, there’s a fourth defining factor that’s missing from the framework: technology. Disparate systems weren’t built to talk with one another, so manually bringing them together doesn’t ever work quite like we want it to. That’s where purpose-built cyber-physical security platforms like Guardian come in, making converged security not only possible but hassle-free as well—with no need to rip and replace the system you already use.
Take it from our Chief Security Officer, Mark Weatherford. “The organizational silos between IT, OT and physical security that have existed for decades are both ineffective and imprudent in today’s threat environment. The technology now exists to converge these historical gaps and provide more visibility, and therefore the ability to respond effectively, to threats in an organizationally collaborative manner that more broadly mitigates risk.”
Want to chat convergence? We’re ready when you are. In the meantime, check out this video and white paper for even more insight on how to eliminate silos and better prepare to identify, prevent and respond to threats.
English