In September 2017, SDMMAG.com published a comprehensive article on the present and future of cybersecurity. The piece featured insights from several leaders in the security technology industry and aimed to provide an objective overview of the situation. It gave us plenty to think about, and we’re sharing its key messages here in Hungary as well.
There was a time when cybersecurity was so rarely used that most companies and individuals didn’t even think about it. Those days are long gone. Today, everyone has something they protect through digital means—especially when it comes to facilities, office buildings, museums, large events, and more. But how prepared is the world right now against hackers? How strong is our defense? Where do we stand—and where are we headed?
In the field of cybersecurity, it seems that there are more questions than answers at the moment. Security technology is constantly evolving, and it’s becoming increasingly important to talk about it in our daily lives. The fact is, security technology is something companies must constantly pay attention to—depending on what assets they have—and allocate resources for—not just for initial development, but also for continuous improvement. Kristy Dunchack, the leader of the renowned security technology company Johnson Controls, said, "A security system is never truly finished, and its development never ends."
Where does the industry stand today?
It’s generally observed that companies are becoming more aware and taking this issue more seriously, but they are not fully up to date with all the available options. An average business owner or procurement manager cannot assess whether a given (even newly developed) security system will be able to perform its tasks 5, 10, 15, or even 20 years from now. There is also a lack of general awareness on the topic—unless the company specializes in this field.
The main driving force behind the industry’s development is the return on investment and the risk reduction achievable through these systems. Companies will not significantly invest in cybersecurity unless it is profitable—only if it can lead to higher revenues, cost reductions, or if the development helps the company operate more efficiently.
Good leadership decisions are important
Even in the USA, the experience is that if a training is very cheap or free, people are open to it, but it is not typical for them to consider the training as important. This also indicates that most business leaders still don’t view the topic as sufficiently important. Thomas Lienhard, an expert at Artery Lock Security Integration, set the maximum investment at a few hundred dollars based on general experience, and the situation is no better in Hungary—in fact, it’s even worse...
Balázs Nagy, the CEO of Anteus Kft., shares his view on the state of cybersecurity in Hungary:
Since the change of regime, there has been an increasing presence of multinational companies in Hungary, which have played a significant role in shaping and developing the country’s security culture. Of course, information security would exist in Hungary without this, but the presence of foreign companies with more advanced security systems and concepts in the information world has greatly influenced their perspectives. Security culture has gained increasing importance with the development of IT systems and processes—this is a very dynamic market. Companies often view IT security systems as a one-time expense, but it’s important to understand that this is a long-term process. Information security involves protecting the flow of information within the company, as well as protecting the information stored and transmitted on electronic devices, and the personnel managing the devices and systems must also receive proper security training to ensure effective information security. In my opinion, more and more people in Hungary consider IT security development to be important. This is supported by various information security and IT security standards, such as ISO 27001. It is crucial to ensure the confidentiality, integrity, and availability of information—whether it’s stored electronically, on paper, or tied to individuals. It is necessary to assess exactly what we want to protect, what we need to safeguard it from, and find the appropriate "how" solutions. Fortunately, comprehensive standards and associated audits now exist, which ensure that companies can build an adequate defense system. With the development of IT, cybersecurity continues to evolve every year, so it is our task as security technology developers and experts to raise awareness about the importance of these security measures.
Who might find cybersecurity important?
End users can be grouped into several general categories. In some cases, the network is essential for operations, in others, the preservation of physical assets is crucial, and in many instances, the focus is on safeguarding information and ensuring that unauthorized individuals cannot access it.
Our clients include companies, institutions, prisons, banks, museums, and parking garages—each requiring different types of protection. This must be customized based on the location and the specific needs of the industry. For example, a camera surveillance system must protect not only assets but also the privacy rights of visitors—and this issue becomes even more critical due to GDPR regulations.
What should you watch for when protecting access control systems from cyber threats?
Our partner, Farpointe Data, has created the following checklist for integrators to provide guidance on enhancing cybersecurity for access control systems. As an end user, you can use this list by asking the company installing the security system. Give it a try—test your security system by focusing on one of the most fundamental tasks: review the default installation codes and passwords.
Default passwords, installation codes
Never leave passwords or codes set to their default values, as default passwords are often easily accessible from the basic user manual of a security system. Search to see if there are default codes available for your system and compare them to the ones currently in use—if you’ve found them, others can find them too.
Ask your security system installer whether they use passwords in the transmitted, so-called delivered software code. If they do, switch to a solution where this is not required—especially if the communication takes place over an unencrypted channel.
In the next part of our article, we will share the complete checklist with you—along with explanations. In the meantime, if you would like to audit your security system or are planning to implement a new access control system, feel free to contact us with confidence.
