ACCESS CONTROL FOR BOTH PHYSICAL AND CYBER SYSTEMS is equally mission critical, but many organizations today rely on outdated technology and communication protocols that leave them exposed to potential theft of intellectual property, data breaches, and compliance violations. Security teams can take advantage of key events and circumstances, such as mergers and facilities consolidation, to win support for cost-effective and minimally disruptive physical access systems upgrades.
A recent survey of almost 2,000 members of ASIS International, a global community of security professionals, found that many physical access control systems (PACS) still rely on aging card credential technology. Almost half support low-frequency (125 kHz) proximity cards, and a third support magnetic stripe cards, both of which can be easily cloned.
Older, vulnerable PACS solutions can enable insiders, criminals, and spies to gain access to secure facilities (or parts thereof), where they may then access networked computer systems, physical assets, and/or the personnel being protected.
“It doesn’t take a government-sponsored hacker to break through these legacy physical access control systems,” says Brandon Arcement, senior director of product marketing at HID Global. “The vulnerabilities are not theoretical. Many off-the-shelf devices are available for anyone to subvert outdated systems.”
The problem goes beyond outdated credentials. Physical access control systems are made up of card readers that communicate with a controller via an access control protocol. The most commonly deployed protocol, Wiegand, dates back to the early 1980s; it is unencrypted and vulnerable to interception and cloning. Furthermore, such older systems are difficult and costly to maintain, limited in functionality and distance, and cannot be updated remotely.
A glaring weakness of older-technology PACS involves the use of proprietary software that is bound to specific hardware. This type of vendor lock-in limits an organization’s ability to turn to alternative suppliers, which could improve security, reduce costs, and enhance the user experience.
Download and read the full piece from HID here.