Despina Stamatelos, Senior Commercial Manager, Access Control, Genetec, Inc. explores why replacing legacy access control systems is crucial for organizations to meet their cybersecurity needs.

Access control systems exist to improve security for organizations. However, if the hardware and software aren’t kept up to date, the system may be vulnerable to cybersecurity threats and other risks.

Many organizations are holding onto access control systems that date back 15 years or more and only do minor patches and updates. While these older systems still allow employees to badge in and out, they may not be well protected against cybersecurity threats.

Keeping an outdated system means you miss out on new features that enhance operational efficiencies and scalability and may also expose your organization to new threats. Over time, integrations between systems can break or are no longer supported. Cyber-criminals have also discovered how to bypass or compromise some older hardware and software, which can put your organization at risk.

If a hacker breaches a network to gain access to sensitive data such as proprietary information or customers’ private information, the impact of a cybersecurity breach in an access control system can cause damage far beyond the doors. The average cost of a data breach in 2021 was estimated at $4.24 million, according to Statista.¹

Must-have cybersecurity features

With rising concerns about cyber-crime, organizations are looking for new ways to implement and maintain robust cybersecurity strategies. Research by Genetec² shows that 36% of IT and security professionals want to invest in cybersecurity-related tools in 2023, with 40% of efforts focusing on access control alone.

When it comes to badging in and out, an aging system may appear to function well. However, there may be unseen cybersecurity gaps. Weaknesses in legacy access control systems can be exploited at every level. This includes the credential level, controller and server or workstation.

With 64% of organizations³ worldwide experiencing at least one cyber-attack per day, it’s imperative to be prepared for a possible attack. Modern access control systems offer a range of new security features that make it much harder to gain unauthorized entry. They also provide tools to respond faster and more effectively when targeted in a cyber-attack.

Look for these must-have features to improve security:

• Encrypted credentials when using badges
• Encrypted hardware components, like readers and controllers, that also prevent physical tampering
• Encrypted databases that are stored separately from databases for running the access control system
• Restricted and role-based access to the software applications in the access control system
• Secured connections between the different components of the access control system
• Robust breach notification functionality for timely responses in the event of a breach
• Partners and suppliers that you can rely on to help you defend against future cyber-threats

Choosing the right vendor

It’s a good idea to think proactively when evaluating the risks of deploying technologies. Look for a supplier who has a proven track record in security. This helps guarantee that the data is protected through cybersecurity best practices and that the system is only used for its designed use.

You might think that a proprietary solution is more secure because there are fewer interdependent components to integrate into your access control solution. However, a better solution is often to choose a unified, open-architecture software platform that supports a wide variety of best-of-breed hardware.

A platform of this type, built with cybersecurity in mind, allows you to take advantage of cutting-edge technology while also remaining up-to-date with cybersecurity measures. It also helps with system scalability. You can select the very best hardware for your needs and add or remove components as your business needs change.

A unified platform is also more resilient to emerging threats since all systems operate on one platform. When software needs to be upgraded or patched, the process is quick and easy. There is no need to worry about compatibility issues. If a problem with a particular piece of hardware comes to light, you can also remove or upgrade only the affected components. You don’t have to replace your whole system.

Ten ways to improve the cybersecurity of your access control system

1. Upgrade your system to a modern system with enhanced cybersecurity measures. Older systems weren’t built to address today’s threats
2. Use secure, smart credentials or biometrics
3. Use the latest communication protocols to secure data sent between appliances and networks
4. Provide training to employees to educate them about cybersecurity best practices
5. Ensure employees are prompted to update passwords often
6. Use an identity management system to ensure that users can only access areas and data that relate to their role and current employee status
7. Create separate local networks for devices that store or share highly sensitive information, so that it can’t be accessed from the regular network
8. Choose a security provider who demonstrates compliance with established security control frameworks
9. Ensure that access control systems use proven data encryption methods and multi-step authentication
10. Work with a partner that has a dedicated team to monitor cyber-threats and ensure that software is updated frequently and patched as needed

Next steps toward a cybersecure access control system

A modern, unified approach to access control can help organizations stay more resilient to cyber-threats, while also delivering more value than simply locking and unlocking doors.

To ensure a seamless migration, confirm your provider is available throughout the process, from initial surveying and migration planning to system testing and support. Some manufacturers also offer additional support with onboarding, training, documentation and troubleshooting.

To keep downtime to a minimum, you can often keep the old system running until the new system is fully functional. This is especially helpful when time and personnel resources are stretched.

Likewise, the most labor-intensive part of the migration is often the process of ensuring the access control data is imported correctly. Ask if your provider offers a database conversion service to minimize errors and save you time.

The prioritization of cybersecurity will not only help organizations better defend against cyber-attacks, it’ll also become an essential factor in preserving business resilience and continuity.

Replacing a legacy access control system is a big project, but working with a trusted, open-architecture security solutions provider makes it easier to ensure the migration proceeds smoothly and that you have a solution that meets your cybersecurity and physical security needs now and in the future.

References

1. Published by Statista Research Department and 6, S. (2022) Global average cost of a data breach by industry 2022, Statista. Available at: https://www.statista.com/statistics/387861/cost-data-breach-by-industry/ (Accessed: January 2023).
2. What are the physical security trends for 2023? – genetec.com (no date). Available at: https://www.genetec.com/blog/industry/what-are-the-physical-security-trends-for-2023 (Accessed: January 2023).
3. How many cyber attacks happen per day in 2023? (no date) Techjury. Available at: https://techjury.net/blog/how-many-cyber-attacks-per-day/ (Accessed: January 2023).

Despina Stamatelos is Senior Commercial Manager, Access Control at Genetec, Inc. She is responsible for both product marketing and product management for access control. She guides the development of the right offering to meet market needs and constructs go-to-market strategies and positioning of these solutions. 

This article was originally published in the February edition of Security Journal Americas. To read your FREE digital edition, click here.