Why Is Physical Security Vital for Data Security?
Modern businesses hold on to an increasing amount of sensitive and sometimes confidential data. As a result, they’ve had to invest in new technology and practices to keep that data safe.
Many of these businesses, when developing their data security or cybersecurity protocols, focus on the security of their hardware, software and business network. Prioritizing these assets is essential — however, if physical security gets left behind, even the best digital tech may not keep a company’s data safe.
There’s practically no stopping someone with physical access to your data storage from stealing info or compromising your business network.
This is why companies that prioritize digital security also need to carefully consider physical security — and what may happen when physical security is neglected.
Physical Access Can Allow Criminals to Bypass Even the Best Digital Security
It’s almost impossible to protect any device from a physical attack. If a hacker has sustained access to device hardware, they’ll be able to breach its defenses eventually — potentially giving them access to the information on that device, as well as any stored security credentials.
Devices that are digitally secured but not physically secured — like a laptop left behind in a coffee shop, or an IoT sensor in an unlocked case — can provide a valuable vector of attack for hackers. In some cases, that vector may be all they need to create serious trouble for a company.
In some cases, poor building security may enable hackers to sneak into server rooms or gain access to off-site devices, like IoT sensors. Often, hackers also gain access to hardware either by theft — for example, swiping a laptop left sitting in a coffee shop — or by using social engineering to gain remote access.
Even large devices that are rarely moved or accessed by staff — like servers in a data center — can be at risk.
This is why large, high-budget data centers often have what’s colloquially called a mantrap — a set of two interlocking doors, somewhat like an airlock, that one has to pass through to reach the server hardware. These doors serve as a final access check for the data center and help to minimize the risk of unauthorized server access.
These threats aren’t an abstraction — hackers and other criminals have used physical access to steal data in the past.
In 2015, for example, hackers stole five servers from the offices of a British charity, PlanUK. Those servers contained a wealth of information on donators, including names, addresses, bank account numbers and sort codes.
In 2018, the theft of a laptop exposed the data of more than 43,000 patients of the West Virginia-based Coplin Health System — part of the reason that laptop theft is ranked the number one cause of health data breaches.
Valuable Hardware and Essential Systems May Be at High Risk
Hackers may also use physical attack vectors if they need to gain access to critical infrastructure, which may otherwise be air-gapped from internet-connected systems and impossible to attack with digital-only methods.
This is part of why major physical security manufacturers dedicate entire product lines to physical security for nuclear power plants, for example, or airports or international organizations — and why those kinds of institutions take physical security so seriously.
Enterprise-grade computer hardware can also be very valuable — making that hardware a major target. While you may expect criminals to be driven more by data or network access than by the resale value of your servers, theft for resale or reuse has happened before.
In 2018, for example, Icelandic criminals stole 600 bitcoin-mining servers in one of the biggest tech heists on record. Rising cryptocurrency prices may encourage some criminals to plan similar heists of powerful hardware. Owners of data centers, rendering farms and other facilities with high-value hardware should be aware of these risks, as well as how good physical security is necessary to keep their hardware safe.
Using Physical Security to Complement Your Digital Security Planning
Without strong physical security practices, your data can be vulnerable — even if you have a great digital security plan in place.
Hackers, when faced with strong cyber defenses, sometimes turn to physical attacks to gain access to critical hardware. In other cases, they may also be after the hardware for sale or personal use.
Even a basic physical security plan — one that involves ID verification and access control — can go a long way in complementing a digital security strategy and keeping data safe.