To mark European Cybersecurity Month 2021, 2N, the IP access control product manufacturer, is offering guidance for consumers and building managers against cyber attacks. The move is a response to evidence that the threat of cyber crime is increasing, and that access control remains a common area of vulnerability.
Earlier this year, the insurer Hiscox published its Cyber Readiness Report 2021. It was based on a survey of more than 6,000 companies based in the US, the UK, Spain, the Netherlands, Germany, France, Belgium and Ireland. The report confirmed that spending per business on cybersecurity has more than doubled in the last two years as a direct response to growing threats. Almost half of the respondents said that they felt their organisation had become more vulnerable to cyber attacks since the start of the pandemic, rising to 59pc among businesses with more than 250 employees. Some 28pc of the businesses surveyed who had suffered attacks were targeted on more than five occasions last year. One in six of the companies that had been victims of cyber crime said that a cyber event threatened the viability of their business.
Hiscox went on to assess firms’ maturity across six areas which comprise the elements required to install, run, manage and govern an effective security system. One of those six areas was ‘Identity and access management’, and, across all the companies surveyed, it came second bottom of the list.
In response to these findings, 2N has updated its guidance, first published during European Cybersecurity Month 2020. Two new pieces of advice have been added:
1. Pursue compliance with a proven security control framework. Two of the most respected are ISO 27001 and SOC 2. These guide companies in creating secure systems and processes.
2. Make sure the access control system includes the use of encryption and multi-step authentication. This protects communication between devices, controllers and mobile devices, and ensures no back doors for ‘maintenance purposes’.
Tomáš Vystavěl, 2N’s Chief Product Officer, said: “We felt that it was necessary to strengthen our cybersecurity guidance partly because the threat is increasing, but also because many companies are still playing ‘catch up’ when it comes to cybersecurity in access control. This matters because if the access control system is compromised, the daily operation of the building – and, consequently, its residents – is immediately at risk. Attitudes are changing, but they need to change even faster.”
Visit https://www.2n.cz/en_GB/about-2n/cybersecurity.
Three points
1.Pursue compliance with a proven security control framework. Two of the most respected are ISO 27001 and SOC 2. These guide companies in creating secure systems and processes.
2.Make sure the access control system includes the use of encryption and multi-step authentication. This protects communication between devices, controllers and mobile devices, and ensures no back doors for ‘maintenance purposes’.
3.Create an independent network, dedicated exclusively to devices that handle sensitive information and ensure that communication between them is encrypted. Place these devices to a separated virtual LAN (VLAN) and ensure that manufacturers of installed devices or software use implementation protocols such as HTTPS, TLS, SIPS or SRTP by default.
