If the teams that are charged with protecting your company’s physical, digital and intellectual assets didn’t already have the threat of a hybrid physical-cyber attack on their radar, then a warning from Matthew Frost of the U.S. government’s Cybersecurity & Infrastructure Security Agency (CISA) likely came as an eye-opener — and, hopefully, a call to action.
“The convergence of cyber and physical security is no longer a choice; it's a necessity,” Frost wrote in a 2025 post to LinkedIn. “In an era where digital and physical worlds are inextricably linked, organizations must adopt a holistic approach to security to protect their assets, data, and people effectively.”
What does a holistic approach to cyber and physical security look like in practice? Exactly what kinds of threats to manufacturers is such an approach designed to thwart? And how to implement such an approach inside your organization?
First let’s discuss the nature of the threat itself. A hybrid or blended attack is one that moves from the physical to the cyber domain or vice versa. These threats aren’t just hypothetical.
In a report published this January, CERT Polska, Poland’s computer emergency response agency, detailed an attack orchestrated by Russia-sponsored hackers in late December 2025 against more than 30 wind and photovoltaic farms, a manufacturing company, an energy distribution system operator, and a heat and power plant that supplies a half-million customers. In its analysis of the incident, CERT Polska said the attackers intended to disrupt heat supply to end users during a period of extreme cold weather—in short, a hybrid attack designed to move from the cyber domain to the physical.
Noting the incident involved both IT systems and physical industrial devices, CERT Polska suggested it could be a harbinger of things to come. “The observed attacks,” it said, “represent a significant escalation compared to incidents we have encountered so far.”
Internal Vulnerabilities Creating New Threat Vectors
People are the common denominator among cyber, physical and hybrid threats. Because they can interact with an organization physically or digitally across a landscape in which the cyber and physical domains increasingly converge, there are more vulnerabilities for bad actors to exploit.
In many cases, these vulnerabilities stem from a lack of connectivity, coordination, communication, and synchronization between cybersecurity and physical security teams, and between an organization’s visitor management, security and compliance approaches.
Organizational siloes are a major culprit. Say, for example, a security guard notices a visitor badge has been used to access a restricted area within a building. While they may investigate and find nothing amiss, it may not occur to them to alert their counterparts on the cyber team to check for suspicious activity across the company’s digital infrastructure.
Had the two teams shared a common visitor management and compliance environment, that activity in the physical domain could have automatically triggered an alert prompting the cyber team to investigate.
Imbalances between security and compliance measures on the cyber and physical sides also can create vulnerabilities. An organization that has strong cybersecurity measures in place to prevent cyberattacks could see those measures undermined by weak badge security protocols on the physical side, for example.
Or, an organization could have strong, effective security measures in place at the initial physical point of engagement but inadequate measures across its IT landscape. This can be especially problematic for organizations that treat the physical point of entry as the initial trigger for security and compliance measures.
A better approach in this case would be to invoke security measures sooner, with background checks automatically triggered at the true initial point of engagement between the organization and a potential visitor (an email invitation to an onsite meeting, for example). That gives manufacturers earlier insight into who exactly wants to engage with them physically and virtually, and for what purpose.
Manufacturers also should be mindful of artificial intelligence’s role in the threat landscape. AI has accelerated the speed of business as well as the speed at which hackers can execute an attack on a business. Companies that rely on siloed visitor management, security and compliance systems and teams, and on manual, human-driven processes, are highly vulnerable because they can’t match the machine speed at which today’s attacks are executed.
More traditional hybrid threats also must be accounted for, such as when a bad actor gains physical access to a facility, then swipes an employee’s credentials, computer or USB key from their workstation in order to initiate an intellectual property theft, cyberattack, or some other malicious attack in the cyber or physical domain.
Countering the Hybrid Threat
As real as the threat of hybrid attack has become, and as sophisticated as many of today’s bad actors are, a more intelligent and sophisticated approach to visitor management, security and compliance is a must. Let’s take a closer look at exactly what such an approach might look like for a manufacturing organization, and how it can help prevent hybrid attacks:
- A unified cyber/physical security team is the ideal; better communication and coordination between separate teams represents progress.
- Instead of siloed systems, a single, converged security and compliance environment that includes access controls, policies, procedures, risk workflows and reporting functions.
- Standard, centrally managed policies across sites, with the flexibility to customize policies and access based on a facility’s and a visitor’s unique requirements.
- A single ecosystem for managing all types of visitors: roving employees, contractors and subcontractors, inspectors, customers and prospects, vendors and more.
- Intelligent prescreening tools that, upon initial contact with a potential visitor (via email, for example), gather and analyze their ID information, then run it against internal databases, external denied-party lists, watchlists and the like, alerting appropriate personnel to a potential issue before a scheduled visit.
- The ability to create a 360-degree view of each visitor by converging their digital and physical identities.
- Ensuring only the right people gain access to spaces that hold sensitive IP, and enforcing rules around bringing devices into these sensitive spaces.
- Closing the loop by ensuring, for example, that a visitor’s guest WiFi credentials expire automatically.
- Continuous compliance. Closing the gaps that invite hybrid threats requires a shift in approach whereby compliance is viewed not as a single moment at the front desk but rather as a cycle that begins before a visitor’s arrival with prescreening and approvals, continues at check-in, and extends through the visitor journey, to collecting, analyzing and reporting on each visitor and visit.
- A single source of trusted data for analysis, compliance, reporting and audits.
As rare as hybrid attacks like the one in Poland have been, that’s bound to change, CISA’s Frost warns. “As our world becomes increasingly interconnected and reliant on technology, the need for a seamless integration of cyber and physical security has never been more critical. This convergence is not just a buzzword; it's a necessity to safeguard our businesses, institutions, and personal lives.”
For manufacturers, a unified approach to visitor management, security and compliance is no longer a luxury, it’s a necessity.
Chris Burton is the executive vice president of strategy at Sign In Solutions, a company that provides visitor management + experience solutions.
