How Vulnerable Is Your Access Control System?

Brivo partnered with Facility Executive to ask facility managers across the US a variety of questions about how they secure their facilities, how confident they are in their physical security systems, and what their maintenance plans might be. In my first blog, I talked about how 40% of facility managers still use lock and key to protect their facilities. In my second blog I discussed the challenges you face if you are using standard key card based access control systems. This time around we need to talk about firmware updates.

One trend that has been consistent is the increasing frequency of news around the cyber security issue. Phishing campaigns, stolen passwords, ransomware, DDoS attacks, etc. Four-fifths of survey respondents do NOT update their on-premise access control system firmware regularly. This needs to be done at least quarterly, or as often as your manufacturer provides updates. Otherwise you are vulnerable to simple attacks. Best is of course to update it as soon as your manufacturer releases an update or a patch.

This is scary. Only about 1 in 5 of respondent update their firmware quarterly. This may leave your security system weak and easy to manipulate. Cyber threat actors can hack into these systems easily, thus leaving you open to an attack. As I mentioned in my last blog, a high schooler with a laptop can figure out how to hack a standard key card. Hackers get into your system via phishing emails or by exploiting known vulnerabilities. Most of the time these known vulnerabilities have been patched by software updates. If you do not update your software or firmware, you are an easy target for even the most unsophisticated hackers.

Keeping your data safe is no joke. It is really easy for people who have the drive to steal your data to do so. What if you manage a multi-tenant office property and a hacker exploits a weakness in your physical access control product. Such as accessing an insecure API (Application Programming Interface) and remotely unlocking the door? All a hacker really needs is to get onto your guests WiFi and tap into an open port. Now he has access to your facility. He can waltz on in and do as he pleases.

If you upgrade to Brivo Onair, you can experience the benefits of a cloud-based service, that incorporates strict security measures. This way you can avoid having to worry about the bad guys taking advantage of cyber vulnerabilities. If you would like to learn more about our security measures, read our Brivo Onair® Information Security: A Detailed Review Of Assured Control Report.