Organizations Not Ready For Dangerous, Costly Security Threats

by CXOtoday News Desk    Apr 11, 2014

security breach

Despite a dramatic rise in the number security breaches in recent times, organizations do not take IT security - especially, physical access control seriously, according to a recent survey by security solution provider HID Global. The survey revealed that there’s a lot more organizations should do to defend against increasingly dangerous and costly security threats, both now and in the future.

For example, at present only 37% of users perform annual security assessments, and most do not contract a third party to test their existing PACS. This means users either conduct their own security audits or penetration exercise internally, or do not test their systems at all.

The survey also revealed that more than half of respondents have not upgraded in the last year, and more than 20% haven’t upgraded in the last three years.

The other shocking revelation is that 75% said cards with cryptography were important and the majority also believes that magstripe and proximity technologies provide adequate security, despite their vulnerability to cloning.

while over 75% of respondents state that the highest-security technologies were important or very important, but half said they weren’t implementing them well, or at all.

The biggest barriers to best-practice implementation were budget-related, and management not seeing value in the investment. Yet the cost of not investing in best practices can be very high - for example, $5.4 million for a data breach, according to Ponemon Institute.

“This survey raises questions about how well organisations are keeping up with the bad guys,” says John Fenske, VP of product marketing, Physical Access Control with HID Global.

According to him, adherence to industry best practices will be increasingly critical in order to take advantage of the coming generation of technologies and capabilities, including mobile access control on smartphones.

“A reliance on legacy infrastructure, technology and mindsets will make it hard to keep up with today’s technology advances that address a world of increasingly sophisticated threats,” he states.

The HID Global survey states that current perceptions about access control will have an impact on the adoption of future technologies. For instance, mobile access control on smartphones will enable a more hassle-free access control experience for users, who can carry all of their keys and credentials on a device they carefully protect and rarely lose or forget.

However, if the market continues to delay shoring up its best practices now against today’s threats to traditional cards and readers, it will be difficult for enterprise infrastructures to seamlessly move to digital credentials carried on smartphones in a BYOD deployment environment with new and different security threats.