Of course in reality we don’t but at times it can be difficult to get the relevant committees or c-suite members to listen when the recent incidents or risk perception are low.
We regularly read figures which demonstrate the attempted (and sometimes successful) intrusions against the virtual systems. This can go into the thousands per day! But it’s so much more difficult to quantify the attempted and in some cases even the actual physical intrusions.
Here’s some food for thought (btw all of these can be flipped around to an equivalent Infosec threat)…..
- Does every occurrence of someone trying to open a door (internal or external) get noticed or reported?
- How about the unnoticed or unreported hostile reconnaissance?
- Or indeed the unknown insider attempting to obtain physical information, assets or IP?
We certainly don’t receive notifications for all of these, yes it makes our job more difficult but it also makes it a lot more interesting!
Recent incidents around the globe demonstrate that the physical threat is very much still with us. These can lead to reputational damage, financial loss but all too often the outcome can also be a lot worst.