Access control systems can provide a defense against both physical and cyber intrusions into an organization. However, they are often overlooked and can present a tremendous vector for attack. If physical systems fail to identify an intruder, that intruder now can tap into network resources without having to navigate external network access controls.
Also, access control systems can mitigate the Insider Threat by monitoring employee activity and sending alerts of changes in behavior such as an employee working different hours or days. A properly configured system can ensure employees only have access to permitted workspaces during their normal work hours. Integration of physical access control data into SIEM monitoring tools can provide additional insights by correlating IT events with physical events. Physical access control can be a tremendous asset to the overall security posture of an organization, but systems must be functioning properly and not present an easy target for cyber-attack.
Companies need to look holistically at all their IT assets to ensure vulnerabilities are identified and risks mitigated to the highest degree possible. With the convergence of security devices and IP networks, vast amounts of data are traversing a company’s IT infrastructure; much of that originates from physical security systems and devices. Often, access control systems have poor levels of corporate ownership, with limited documentation and IT oversight, and in some cases are forgotten until a major incident occurs.
If a company has an older access control system, NVR devices and visitor management systems may be running on unsupported operating systems, such as Windows XP and Windows Server 2003 among others. How many security systems do not comply with the corporate user password and security model, are not patched regularly, have no AD integration and no two-factor authentication, or have no backup or recovery plan? In many cases, these systems contain personally identifiable information (PII) of employees and visitors for physical badge creation. Access control systems are high value targets for all these issues and many more.
Insite provides an expert, unbiased review of an entire access control ecosystem. We audit physical access control, video surveillance and visitor management systems, including documentation and procedures. Our goal is to offer actionable advice and mitigating strategies to protect your organization from physical and cyber intrusions.
Takeaway: A holistic independent audit will provide your organization with recommendations to improve the overall functionality and security of your physical access control systems. Click here to learn more about IT Security Assessments.