Facilities Management Journal July 2019

FMJ.CO.UK SECURITY FOCUS What many fail to realise is that the access control industry is currently moving away from closed proprietary systems which only work with specifi c manufacturers whose hardware is only compatible with one software platform” JULY 2019 29 THE INSIDER THREAT While external threats are a big focus for security teams, the inside threat must not be overlooked. The recent increase in cyberattacks means physical security equipment has now become a potential entry point to networks and critical infrastructure. It might seem ironic that a physical security solution designed to protect people and property can be the subject of a cyberattack, but seeing that these systems are increasingly connected to networks and IT infrastructure, they can be vulnerable to breaches. No access control provider will be able to perfect a product with no vulnerabilities, but they should have solid protections in place as well as a process that quickly and completely addresses any vulnerability. When choosing a physical security system, it is crucial to consider the cybersecurity needs, or the ‘security of security’. It’s estimated that 74 per cent of data breaches start with privileged credential abuse. Businesses in particular have become the main target for cyber-criminals in 2019, making it critical to be increasingly aware and vigilant of insider threats to security. Businesses hold huge amounts of valuable data, and with cyber-criminals fully aware they also hold the funds to pay ransoms, it makes them a prime target. Modern access control has the ability to mitigate this threat. By choosing a provider that o‡ ers protection against cyberthreats with end-to-end encrypted communications for so ware and hardware, secure claims-based authentication, as well as digital certificates, facilities managers can do much to safeguard their IP. Regular penetration tests aimed at trying to catch vulnerabilities on their own are also essential, as this can eliminate a breach before it happens. To summarise, a unified security platform displaying all desired information on one single interface allows security o‡ icials and facilities managers to have eyes everywhere, significantly improving response times and operations in general. Choosing an IP-based access control solution compatible with any hardware provides the flexibility needed in the ever-changing security environment, without exhausting budgets by investing in new hardware every time a system update is needed. With advanced cyber-security measures in place to protect these physical security solutions, you’ll have built a layered security system capable of mitigating threats posed to your building while making daily operations smoother than ever before. A QUICK GUIDE TO ACCESS CONTROL TECHNOLOGY ACCESS CONTROL Refers to the way we limit access to systems or resources such as o ice buildings. Access control can grant or block users from admission or information. With access control systems in place, users are required to present their credentials before they can be granted permission. These credentials come in many forms, from simple key-lock solutions to biometric identification systems such as facial recognition or fingerprint ID. An advanced system not only decides who can gain access to a certain resource, but also monitors what they do once inside the building or system. IP-BASED SYSTEM The internet protocol (IP) is the method by which data is sent from one computer to another on the internet. Each computer on the internet has at least one IP address that uniquely identifies it. Access control systems using IP are digital systems o en used for surveillance purposes, and can send and receive data via a computer network and the internet – making it by far the fastest method of moving information around. Highperformance IP-based access control solutions leverage the network and are therefore easy to install and manage while providing a cost-e ective access control system that grows with the organisation’s needs. Migrating from an existing legacy access control system to an IP-based one comes with many benefits. In addition to significantly enhancing overall operations, it expands and customises physical access control infrastructure, which allows the system to take advantage of new access control capabilities such as e icient multisite management and Power over Ethernet technologies. IP-based systems make it easier for organisations to operate, expand, and customise physical security and access control according to changing needs, as it does not bind the user to any particular system. PRIVILEGED CREDENTIAL ABUSE Privilege, in an IT context, can be defined as the authority given to an account, system or area within a network. Privileges enable users to access certain areas and resources within the company. However, they also open the door for potential misuse, both from the inside and outside. Privileged credential abuse refers to the way in which unauthorised individuals such as cyber criminals gain access to these systems. Seventy-four per cent of data breaches reportedly start with privileged credential abuse, putting even access control at risk due to technological advancements. Privileged access management is one way of mitigating the risk of credential abuse. It comprises the cybersecurity strategies and technologies for exercising control over the privileged access rights and permissions for users.