A recent survey by HID Global regarding the security measures used to guard buildings and information technology (IT) networks are compromised by a sense of “complacency” within in the business community – a situation the firm believes could lead to significant consequences for trucking.
“Trucking managers face challenges that are similar to those of any organization whose goal is to protect people and assets from physical security threats,” Jeremy Hyatt, HID’s director of global public relations, told Fleet Owner.
“Additionally, there are issues around protecting the supply chain of goods and raw materials,” he said. “Operators must control access both to terminals and other facilities, as well as cargo.”
Yet a major reason complacency is becoming a problem is due to what he called a “perception gap” among the managers tasked with securing company buildings and IT systems, as the majority of respondents believe that magnetic stripe ID cards and proximity technologies provide adequate security, despite their vulnerabilities.
“They also perceive that management doesn’t see value in the investment [in security, yet the cost of not investing in best practices and experiencing a data breach can run into many millions of dollars,” Hyatt pointed out. “
“Another reason for complacency may simply have to do with human behavior – people are resistant to change, and the interruption and distraction that can often accompany an upgrade,” he explained. “With the right approach, however, organizations can easily and inexpensively expand and upgrade their systems to meet changing needs while taking advantage of new technologies.”
HID’s poll also found the following:
- Only 37% of users perform annual security assessments and most don’t contract with a third party to test their existing physical access control systems or “PACS.” This means users either conduct their own security audits or penetration exercise internally, or do not test their systems at all.
- More than half of respondents have not upgraded in the last year, and more than 20% haven’t upgraded in the last three years.
- Some 75% of end users said cards with cryptography were important. The majority also believes that magnetic or “magstripe” cards stripe and proximity technologies provide adequate security, despite their vulnerabilities.
- Another 75% of respondents state that the highest-security technologies were important or very important, but half said they weren’t implementing them well, or at all. Over 90% felt the most secure policies were important or very important, with only 70% felt they were implementing them effectively or very effectively.
- Biggest barriers to best-practice implementation were budget-related, and management not seeing value in the investment. Yet the cost of not investing in best practices can be very high – for example, $5.4 million for a data breach, according to the Ponemon Institute.
“This survey raises questions about how well organizations are keeping up with the bad guys,” noted John Fenske, HID’s vice president of product marketing, in the firm’s report.
“Complacency isn’t wise [so] adherence to industry best practices will be increasingly critical in order to take advantage of the coming generation of technologies and capabilities, including mobile access control on smartphones,” he added. “A reliance on legacy infrastructure, technology and mindsets will make it hard to keep up with today’s technology advances that address a world of increasingly sophisticated threats.”
That’s why HID’s Hyatt said trucking companies in particular need to think about Investing in a “converged solution” of physical- and IT-based security measures that can help improve convenience, lower costs, and simplify management.
“It eliminates the need for users to remember and carry separate cards or other devices for opening doors, logging onto computers, and accessing cloud-based applications, and also enables the inclusion of other high-value applications including cashless vending, time and attendance, and secure print management,” he explained.
“The convergence of credentials onto a single card or device can also greatly improve security and reduce ongoing operational costs,” Hyatta noted. “It also centralizes identity and access management, consolidates tasks and enables organizations to quickly and effectively use strong authentication throughout their infrastructure as part of a multi-layered security strategy that protects access to all key physical and IT resources.”