Gartner predicts that the financial impact of Cyber-Physical Security System attacks will reach over $50 billion by 2023.
Today’s Security and Risk Managers are often fixated on IT and data protection and fail to address evolving cyber-physical threats and vulnerabilities. Due to the nature of Cyber-Physical Security Systems, incidents can quickly escalate and cause physical harm to people, property, and sensitive business assets – and Gartner analysts predict that these incidents will spike in the coming years due to a lack of security focus and spending currently aligned to these assets.
What are Cyber-Physical Security Systems?
Gartner defines Cyber-Physical Security Systems (CPSs) as “systems that are engineered to orchestrate sensing, computation, control, networking, and analytics to interact with the physical world (including humans). They underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical healthcare environments”.
According to Gartner, by 2023, 75% of organizations will restructure risk and security governance to address new cyber-physical security systems (CPS) and converged IT, OT, Internet of Things (IoT), and physical security needs. SRM leaders inevitably need to develop a compelling and unified vision and strategy for cyber-physical security systems.
The Gartner report “How to Develop a Security Vision and Strategy for Cyber-Physical Systems” provides a detailed strategic plan to formalize this process, which highlights 7 crucial steps to ensure that managers emerge with the best possible CPS strategy:
- Vision Statement: Organizations should create vision statements that are concise, clear, relevant, and goal-oriented. These statements should incorporate individual company goals and consider technology/environmental trends specific to the market and its unique risks.
- Current State Assessment: Organizations should gain insight into the situation by reaching out to anyone involved in the CPS to ask questions. These questions, which may cover risk, compliance, decision making, etc., will identify any improvements that need to be made.
- Gap Analysis: According to Gartner, the gap analysis should focus on culture, governance, skills, and business impact analysis and should act as a bridge between the vision statement and current state assessment. This step should be thought of as an overarching strategic shift rather than small tactical changes and should lay a solid foundation for future decisions.
- Prioritization: After identifying the tasks that must be completed, prioritization is a crucial next step. Gartner recommends splitting these activities into 2 groups: activities that SRM leaders can complete on their own, and activities that would require organizational investment.
- Approvals: For the activities that require buy-in from the organization, approvals are necessary. To obtain these approvals, it is important to outline the rationale, organize the approach, and engage with stakeholders before presenting to senior management.
- Reporting: Reporting is an extremely important step in maintaining an effective CPS strategy, and according to Gartner, should focus on measuring “safety, operational resilience, physical security or supply-chain-security measures”.
- Continuous monitoring: As outlined above, the security and risk management landscape is always changing. New risks are coming up every day, which means that no security strategy is flawless. This fact is what makes continuous monitoring and adjusting to changes so important.
Here at BioConnect, we completely agree with this approach. We are passionate about creating systems that grow with you and your company’s ever-changing strategies, which is why we built BioConnect Enterprise 5.0. This is the only scalable, integrated and adaptable user authentication platform providing centralized cyber-physical security for complex data infrastructures. Our CPS security platform delivers future-proofed protection from ever-changing risk landscapes and compliance standards.