ISC West Keynote and Verizon Report Signal Rising Risks at the Intersection of Physical and Digital Security
Vulnerabilities in perimeter devices, third-party contractors, and credential systems are becoming high-value targets for threat actors—putting physical security infrastructure squarely in the crosshairs of modern attacks.
That’s one of several takeaways from Verizon Business’s newly released 2025 Data Breach Investigations Report (DBIR), which analyzes more than 22,000 security incidents across industries. While the findings focus on breach trends, the implications extend beyond the IT department and into the domain of physical security leaders charged with protecting facilities and people.
The report reveals a 34 percent spike in the exploitation of vulnerabilities, many of which target internet-connected perimeter systems and VPNs—technologies that often underpin access control, surveillance, and other critical building systems.
At the recent ISC West, Rachel Wilson, a 15-year veteran of the international cyber wars as head of the National Security Agency’s cybersecurity, used her keynote address to warn attendees that cybercrime has changed, and private industry is much more vulnerable.
Wilson sat down with ISC News Editor-in-Chief DJ Murphy at the event to talk about the way that change is taking place.
According to the Verizon report, third-party involvement in breaches has also doubled to 30 percent, underscoring the growing risks posed by vendors, contractors, and service providers who often support physical operations but may not be subject to the same cybersecurity controls.
Human error and credential misuse remain top drivers of breaches, raising concerns for frontline staff who manage entry points and verify identity. Inconsistent policies around badge systems, visitor access, and identity validation could create real-world exposure if not tightly managed.
And while ransomware is often viewed as a digital threat, its impact can be deeply physical. Small and mid-sized organizations—many of which operate lean physical security teams—were disproportionately affected, with ransomware present in 88 percent of SMB-related breaches.