With today’s organizations facing increasingly sophisticated threats from both inside and outside the organization, Physical Access Control Systems (PACS) need to evolve to effectively address them.
The Current State of Physical Security
Just take a look at the stats. We’ve all seen too many tragic news headlines on campus and school shootings in the past few years, and unfortunately, they haven’t seemed to be letting up. In fact, in 2018, campus shootings went up by 54% from the previous year as shown in this study by US Naval Postgraduate School. Outside threats aren’t the only source of attacks, however.
According to the Verizon 2019 Data Breach Investigations report, 34% of all breaches in 2018 were caused by insiders. Incidents from employee/contractor negligence, to criminal or malicious insiders, to credit theft have all contributed to this staggering number.
The Price Paid
What has been the resulting cost to the company? The Ponemon Institute 2018 Cost of Insider Threats states that after summing up all the cost activities required per incident, the average cost of an insider-related incident is around $513,000. According to this study, the average cost of a data breach globally is $3.86 million, a hard number to swallow but an unfortunate consequence of using a legacy access control system.
Digital transformation has increased the volume and complexity of physical security data collected and stored, as well as potential security risk factors and the time and talent required to identify and manage them. Organizations are still struggling to keep their legacy access control system secure, compliant, and affordable – a system that simply can’t keep up with nor make sense of the complexities of a sophisticated attack.
Making the Change to Modern Access Control
Given the current risk landscape, we simply cannot overlook the security at the door. Physical access control systems must evolve along with modern security solutions to be proactive, integrated, and dynamic. This is a crucial change for any organization not willing to risk financial loss, data breaches, lost business, damaged reputations, and precious employee time spent on recovery.
As we see growing interest in smart buildings, smart cities and safe campuses, intelligence is required to help organizations identify abnormal activities and automate risk adjustments and responses in real time accordingly. A truly risk-adaptive physical access control solution should be able to adjust permissions based on dynamic risk scores of personnel, assets, environments and facilities.
For example, let’s say company employee Dale usually comes in at 8am, and clocks out around 5pm almost every day. If he starts showing odd patterns of suddenly leaving the office later, say around 11pm, the company’s physical access control system should be able to automatically flag this as an abnormal activity out of his normal schedule. The system can then identify if there is any other activity that when combined with the change in schedules might be indicative of suspicious behavior. The system can then flag the security team to investigate further.
Likewise, the system should be able to take preventive safety and security measures. In the case of a chemical spill, the system could be alerted to the presence of dangerous air-borne toxins, and promptly shut down access to affected areas. Simultaneously, it should have the ability to alert operations teams to take emergency action.
Whether you are securing one door or hundreds of access points across multiple facilities, proactive security is possible with a risk-adaptive PACS. To learn more about how to modernize your PACS with a proactive, integrated, and dynamic approach, join us for our upcoming webinar on Wednesday, July 24th at 12-1pm CT.