It is tempting to break the world of cyber security into the attacks we see against our networks from the outside, malicious action by insiders, and then physical attacks on systems.
This has been a convenient taxonomy in the past, but sometimes leads us to forget that our adversaries don’t always think this way and that the boundary between cyber and the physical world is blurring.
Organised crime groups, hostile corporates and countries may be just as interested in recruiting insiders to help them as they are in attacking systems remotely.
Attacks on physical targets can also be a very effective way into corporate networks – whether it is sniffing Wi-Fi networks, looking for open network ports in visitor areas, or finding opportunities to attach the sort of kit we saw in recent attacks against UK banks – a simple keyboard, video, mouse (KVM) switch or key logger.
The recent Snowden disclosures have also shown just how interested States can be in these sorts of attacks. Information collected from external networks and social media can make targeting and social engineering easier, and a little tampering with network devices in situ makes remote access so much more straightforward.
The key is to take a holistic view of the threat – thinking about who your adversaries might be, what they might be after, and the various ways they might achieve their goals.
Moreover, keeping the different branches of security talking matters – cyber exercises or war games are a good way of making sure they can work together to deal with any incident. In short – attackers don’t respect your stovepipes.