Why today’s hybrid threats demand a new approach to visitor management
Hybrid threats aren’t hypothetical. They’re already crossing your threshold. Consider Oldsmar, Florida. A municipal water employee noticed suspicious activity inside a supervisory control and data acquisition (SCADA) system, a small detail that ultimately stopped a hacker from altering chemical levels in the town’s water supply. According to CISA, the intruder got in through familiar weaknesses: poor password practices and an outdated operating system.
This is but one example of a hybrid, or blended, threat — an attack that moves easily between the physical and cyber domains, where a lapse in one becomes an opportunity in the other.
As these threats grow more sophisticated, the tools to manage them have to follow suit. That begins with a more advanced approach to visitor management, one that gives agencies visibility into both the people entering their buildings and the risks entering through their networks.
Call it Visitor Management 2.0. And for public agencies, it is becoming essential.
Gaps and Blind Spots That Invite Trouble
Given the potential havoc hybrid incidents can wreak, public entities at all levels would be wise to take measures to protect against them. Besides the aforementioned real-life example, consider the possibility of a bad actor accessing a digitally networked building system to disable other systems and compromise the physical security and safety of a facility and those inside it, or using social engineering against security guards to gain physical access to a building.
The causes of attacks like these are often easy to trace. Operational silos that hamper communication and the timely flow of information between an agency’s physical and cyber security systems and teams are a common culprit. An individual’s unauthorized physical entry into an agency’s server room might not trigger an immediate alert to the cyber team, for example. An imbalance between cyber and physical security and compliance measures — strong measures on the cyber front but weak badge security on the physical front, for instance — is another red flag.
Inadequate measures at the point of engagement also can elevate risk. Organizations might treat the physical point of entry as the initial trigger for security and compliance measures, when those measures would be more effectively deployed further upstream, such as at the initial email touchpoint with a potential visitor, which could trigger background checks, pre-clearance forms and the like.
Hybrid attacks exploit fragmentation. The cracks between physical access policies, cyber defenses, and outdated visitor processes. These gaps continue to create avoidable vulnerabilities across public agencies.
In Part Two, we’ll explore how a Visitor Management 2.0 framework can help agencies close those gaps by unifying identity, access, and compliance systems into a more resilient, modernized security foundation.
Pete Akeley is the director of product at Sign In Solutions (https://signinapp.com/), which offers visitor management and experience solutions globally for a wide range of businesses and public entities. He has a passion for solving customer problems and driving innovation in visitor management.
Leave a Reply
You must be logged in to post a comment.