MONTRÉAL — With the ever-increasing rise in cybercrime, Genetec Inc. is cautioning organizations of all sizes to be vigilant about the cybersecurity risk posed by legacy access control systems.
“Many organizations are operating with access control systems that date back 10 years or more,” said Christian Morin, vice president of product engineering and chief security officer at Genetec. “While these older systems still allow employees to badge in and out, there’s a very high likelihood that these systems employ technologies that are extremely vulnerable to modern cyber threats.”
Vulnerabilities in legacy access control systems can introduce cybersecurity weaknesses that may put an entire organization at risk. Cybercriminals can exploit weaknesses in access control system credentials, controllers, servers, readers, or workstations connected to the network. Once a cybercriminal has breached access control system credentials, they can then move on to an organization’s network and can gain control of other building systems, view or steal confidential information from internal records, or launch attacks designed to take key systems offline.
Companies that are affected pay a heavy price — the average cost of a data breach rose from $4.24 million in 2021 to $4.35 million in 2022, according to a report from IBM. Hence, it’s never been more important for organizations to be educated on the risks associated with legacy systems and the advantages that new access solutions can offer.
Cybersecurity best practices for access control systems
To improve the cybersecurity of access control systems, Genetec recommends the following steps.
- Upgrade the system. Older systems were not built to address today’s threats. When evaluating a new access control system or upgrading an existing system, make sure that cybersecurity is a key component of the vendor selection criteria.
- Use advanced secure credentials and the latest communications protocols to secure data transmission, since older credentials are easy to clone using readily available tools.
- Educate employees and partners about cybersecurity best practices and ensure they are prompted to change passwords often.
- Regularly check for firmware and software updates and install once available.
- Use a centralized identity access management system to ensure virtual and physical authentication and authorization of employees for better control and more effective maintenance of your systems.
- Create a dedicated network for access control systems so that there is clear segregation of networks based on their purpose.
- Choose a security provider that can demonstrate compliance with established security certifications.
- Ensure the access control system uses proven data encryption standards as well as multifactor authentication.
- Work with a partner that focuses on supply chain risk management, has a dedicated team to monitor cyber threats, and ensures software is updated frequently and patched as needed.
Access control technology has undergone a huge transformation in recent years. Customers are gradually freeing themselves from proprietary solutions and demanding more flexible, open solutions. Forward-thinking technology manufacturers have now introduced a new breed of more cybersecure solutions that offer benefits beyond locking and unlocking doors.
A unified access control system that uses the latest cybersecurity standards to secure communication, servers, and data, such as Genetec Security Center Synergis, can not only protect an organization’s assets and people but also help them improve their business operations and decision-making. By choosing an open architecture IP-based access control system, organizations have the flexibility to upgrade to the latest supported technology at any time, move at their own pace, and work within their available budget.
For more information, download the Genetec white paper, “Cybersecurity risks of legacy access control systems.”