In the Telstra Security Report 2018, we found that over 99 percent of respondents who were responsible for cyber security indicated they are also responsible for electronic security.
While we believe the market is still taking its first steps towards realising the benefits of a truly converged approach, it’s undeniable that the traditional distance between these fields is rapidly shrinking.
We're offering up to two eligible organisations a complimentary day of consulting with one of our experienced security consultants, who can assist you to identify and manage the security challenges and risks within your business. The day involves up to eight hours physical security audit of a premises which includes a discussion with key stakeholders on site, and a detailed written report. Applications close 20 December 2018.Apply here
The move towards convergence
The move towards convergence is due to several factors, the foremost being the greater visibility of total organisational security created by ensuring the data from both electronic sources and traditional cyber security sources is considered in tandem. Businesses can link previously unrelated data to gain total contextual awareness across every facet of enterprise security. And the benefits are significant – from improved risk management and faster, more intelligent response, to more efficient use of resources and cost savings.
For many organisations, the key driver of security convergence is the connection of traditionally offline electronic security devices to the internet, such as alarms, CCTV cameras and door access systems. Not only does the security of these devices - as well as the data they generate - need to be considered, but as they can be connected together with an organisation’s cyber security operations, a converged approach allows organisations to increase their visibility while streamlining management.
67 per cent of Australian businesses have already unified their cyber and electronic security budgets, or plan to in the years ahead.- Telstra Security Report 2018
The rapid growth in IoT, particularly being integrated into smart buildings, factory processes or supply chains, is another driver, as connected devices continue to move outside of their traditional spaces in the workplace and create new opportunities for cyber criminals to gain access to a business’ network and data.
Devices themselves can also be attacked, as new strains of ransomware threaten to prevent the operation of vehicles, facilities or industrial equipment unless payment is made. In one notable example, hotel residents were locked out of their room by a smart access system until a payment was made.
These dual threats – a cyber breach via an IoT device hosted offsite, or a physical breach originating via an internet connection, mean that cyber and electronic security professionals need to collaborate closely to manage an organisation’s risk.
Organisations are also looking to converged approaches to simplify their security operations and increase their cost effectiveness by sharing common management and monitoring systems between disciplines.
Approaches to convergence
Although security convergence is bringing together the cyber andelectronic security departments, it’s important to note that this doesn’t necessarily entail merging the two.
Across the country we are seeing a wide variety of approaches, particularly in the large enterprise space, where there is already an ongoing discussion about the best way to assign responsibility for managing security responsibilities throughout an organisation.
While some companies have adopted a single Chief Security Officer who holds dual mandates for cyber and electronic security, many organisations, particularly in this early stage of convergence, have achieved similar results by aligning the strategies and expenditure of both groups.
In the Telstra Security Report 2018, we found that 67 per cent of Australian businesses have already unified the two budgets for cyber and electronic security, or plan to in the years ahead.
Whichever approach an organisation takes, what we’re finding is that there’s a need to invest in the skills required to operate across both domains, and bridge some of the lingering gaps in culture and workflow which exist between the two disciplines. Examples of this are the more established compliance legislation and standards which applies to electronic security, or the flexibility needed to keep the security of internet-connected devices up to date.
Technology enabling convergence
Our research from the Telstra Security Report 2018 shows that 84 per cent of Australian businesses are considering, trialling or have implemented systems to manage convergence – often looking at the integration of operational technology, CCTV and other video sources, alarm systems and Building Automation Systems into their existing cyber security nerve centre.
To begin with, organisations are marrying electronic data sources with network sources to gain an extra dimension of visibility over incidents, such as matching an employee’s computer access with their door access card. Together with government, banking and financial services are leading the way in adoption.
As convergence remains in an early stage, without widely accepted technical standards, we recommend organisations take a flexible, forward-looking approach when considering investments.
When upgrading electronic security systems, such as video surveillance cameras or alarms that relied on PTSN, look for devices which have the data and reporting capabilities you might be looking for five years from now, even if you don’t currently have a system to ingest that data.
Similarly, when considering options for managing data and devices, look to flexible options that allow you to evolve alongside changing standards, technologies and approaches. At Telstra, we’ve designed our Managed Security Services around open source technology for this very purpose, to ensure we can help meet changing customer needs and market conditions.