HID Global surveyed 600 users on physical access control technologies that showed perceptions about change, the importance of industry best practices and how well technology and policy best practices are being implemented.
The attitudes uncovered in the survey show how well organizations can defend against increasingly dangerous and costly security threats, both now and in the future.
“This survey raises questions about how well organizations are keeping up with the bad guys,” said John Fenske, vice president of product marketing, Physical Access Control with HID Global. “Complacency isn’t wise, however, and adherence to industry best practices will be increasingly critical in order to take advantage of the coming generation of technologies and capabilities, including mobile access control on smartphones. A reliance on legacy infrastructure, technology and mindsets will make it hard to keep up with today’s technology advances that address a world of increasingly sophisticated threats.”
HID’s graphic combines results from its survey with published data on security breaches and associated costs. Findings include:
- Only 37% of users perform annual security assessments and most don’t contract a third party to test existing physical access control systems. This means users either conduct their own security audits or penetration exercise internally, or do not test their systems at all.
- More than half of respondents have not upgraded in the last year, and more than 20% haven’t upgraded in the last three years.
- 75% of end-users said cards with cryptography were important. The majority also believes that mag-stripe and proximity technologies provide adequate security, despite vulnerability to cloning.
- 75% of respondents state that the highest-security technologies were important or very important, but half said they weren’t implementing them well, or at all. More than 90% felt the most secure policies were important or very important, with only 70% felt they were implementing them effectively or very effectively.
Biggest barriers to best-practice implementation were budget-related, and management not seeing value in the investment. Yet the cost of not investing in best practices can be very high – for example, $5.4 million for a data breach, according to Ponemon Institute.
HID states that the current perceptions about access control will have an impact on the adoption of future technologies. For instance, mobile access control on smart phones will enable a hassle-free experience for users, who can carry all of their keys and credentials on a device they carefully protect and rarely lose or forget. However, if the market continues to delay deploying best practices against threats to traditional cards and readers, it will be difficult for enterprise infrastructures to seamlessly move to digital credentials carried on smartphones in a BYOD deployment environment with new and different security threats.