"Cyber and Physical Security Should Collaborate: What Does It Take to Achieve This"
Organizations have become increasingly dependent on Internet-based technologies for building management systems, Internet of Things (IoT) devices, operational technology, and other physical assets. These technologies introduce new security vulnerabilities that can be exploited by malicious actors to launch cyberattacks. According to Symantec, the number of cyberattacks involving a vulnerability to target physical systems or vice versa has, in fact, increased. In order to understand and mitigate threats that cross the boundary between what is cyber and what is physical, some organizations have decided to integrate their security resources to make them work more closely together. Although it makes sense to merge security functions, there is still little evidence to support this. A lack of guidance on how to effectively implement converged security remains. Organizations wanting to adopt convergence could be implementing new structures and processes that invite new vulnerabilities as there is no evidence and guidance. Research is required to develop an evidence base that can help organizations better decide how to implement convergence. Research conducted by Emma Boakes, a final year Ph.D. student at the University of Portsmouth, aims to provide such an evidence base. Through the performance of three qualitative studies with security staff from various organizations and industries operating converged security, Boakes established that organizations adopt convergence to manage risk in the changing threat environment, reduce complexity across the security function, improve efficiency, and make cost savings. Insights from security personnel often prompt convergence, but other organizations, government, and industry associations influence it. The choice to implement convergence is only one element of the decision-making process. Boakes' findings also showed that organizations implement convergence in different ways depending on organizational context. According to Boakes, organizations must pull insights from their security functions and consult with staff to take advantage of their first-hand experience of security in context to achieve an appropriate and effective implementation of convergence. This article continues to discuss the study on security convergence and the goal to create a roadmap that can help organizations make better decisions regarding implementing convergence.