How to Protect Your Access Control System Against Cybercrime
Responding to the Evolving Threat Landscape
Criminal cyber activity evolves at an incredible pace. Today’s cybercriminals are constantly on the lookout for security gaps that will give them access to your facilities or a wide range of important, private and sensitive information. In our increasingly interconnected world, the potential avenues of exploitation seem greater than ever.
And the payoffs for gaining access are also on the rise. According to Trustwave’s “2015 Global Security Report,” the average cybercriminal can expect a 1,425% return on investment (ROI). When you consider the fact that stolen data can command a high price on the black market or be used to extort an organization, it’s no surprise that cyber criminals have become more sophisticated and patient.
For many, a poorly maintained or outdated access control system (ACS) can be the gateway a cybercriminal needs to look into your network and premises. Historically, ACS manufacturers focused on developing solutions that would secure access as well as manage access rights and cardholders. But the security landscape has since evolved, and new cybersecurity threats have emerged. Now, in addition to effectively securing your premises from physical threats, you must also protect your ACS from criminal cyber activity.
You Need to Secure Every Level of Your ACS Architecture
As with all systems and networks, your ACS is only as strong as its weakest point. Vulnerabilities can lie at every level of the architecture, including between your readers and the intelligent controller, or even in your software. This means it is not enough to simply deploy secure smart card and then hope that your system is secure.
You can help to ensure the security of your access card technology by deploying 13.56 MHz Smartcard technology, like an HID SEOS platform or MIFARE DESFire smartcards and readers. And, by using a secure and bi-directional protocol, like Open Supervised Device Protocol (OSDP) version 2, between the reader and controller, you can also mitigate against the risk of tapping attacks. An encrypted protocol ensures that cybercriminals cannot retrieve your sensitive credential information by unmounting the reader and tapping the wire connected to the controller. Because of the bi-directional nature of the protocol, operators are notified immediately when readers have been tampered with. This enables them to quickly neutralize a threat at a moment’s notice and ensure that fraudulent readers cannot retrieve sensitive information from your system.
Secure communication between servers and field devices also helps to mitigate against the risk of man-in-the-middle (MITM) attacks over your network. When selecting an ACS, you can promote secure communication by selecting a platform that uses the most advanced cryptographic protocols, like Transport Layer Security (TLS).
The platform should also employ a comprehensive approach to security that incorporates multiple lines of defense to keep both your ACS and your credential data safe. All credential data captured from readers, whether used in ACS decisions or stored in your controllers and servers, should be protected by strong encryption, authentication and authorization methods.
Secure for Today, Plan for the Future
Threats will only continue to evolve, so you need to stay ahead of the curve with more sophisticated security defenses. You need to choose a secure and resilient ACS that protects your data and keeps it confidential. At the same time, make sure your ACS is designed with several security layers from access card to software. And your chosen vendor should be committed to adopting the industry’s current best practices for cybersecurity so that your organization is secure now and for the future.