EVolution is a news, intelligence and analysis service dedicated to the emerging business of supporting electric and hydrogen-fuelled vehicles.

Beware the intruder within

Humans are the weakest link in your critical infrastructure security chain, says Richard Hilson of Parking Facilities

Richard Hilson
22 January 2025
Richard Hilson
Richard Hilson

 

Security technology has witnessed huge advancements in recent years, particularly for those protecting critical assets or information, such as construction, transport and logistics.

Facial and fingerprint recognition, ANPR and even 'mac addresses' or a person of interest's gait, now all make up the technology toolbox of forward-thinking organisations' security policy.

However, humans remain the weakest link in any security chain, and the only way to correct this is to eliminate the human burden.

There are pitfalls in relying upon human intervention in critical national infrastructure (CNI) settings, and the future of biometrics to keep assets, information and personnel safe.

As with any workplace initiative, be it a simple recycling policy or a corporate password protection directive, technology is only as good as those who implement or operate it. Whilst technology can be fallible and gremlins do arise, it’s never as flawed as us mere humans with our unreliable ‘on/off’ switch.

Likewise, we carry the ability to reason, to override procedures, or ignore policy, should we wish. Or as it happens, just make mistakes. In fact, according to a recent Verizon report, two out of three insider attacks happen as a result of negligence, and 74 per cent of organisations are saying that insider threats are becoming more of a concern for them.

Security breaches aren’t limited to external threats either, whether intentionally or not, they can come from within. Humans can, and do, ‘go rogue’, whether that’s pre-meditated criminal or malicious intent, or just by taking shortcuts.

And while data breaches court most news headlines in this digital era, some of the most significant security risks are those posed when employees neglect fundamental security practices such as sharing passwords or access cards.

Employee negligence and insider threats

Insider negligence remains one of the leading causes of security breaches. Employees who share passwords or access cards may do so out of convenience, ignorance, or a misplaced sense of trust. Unfortunately, this creates vulnerabilities that are left open to exploitation. When multiple employees share credentials, it becomes difficult to trace actions to a single individual. This lack of accountability can complicate incident investigations and allows malicious activities to go undetected.

Furthermore, the sharing of passwords or access cards means inaccurate accounting of personnel, and in the event of an evacuation or major incident, central IT systems will hold misleading information of employees’ locations which could have a huge impact upon safety and potentially emergency services resources.

Employees with malicious intent can exploit shared credentials to carry out unauthorised activities while shifting blame to others, increasing the risk of deliberate sabotage or theft of sensitive data. Even when there is no malicious intent, employees who share access credentials risk unintentionally exposing them to unauthorised individuals, such as contractors, visitors, or external attackers.

What happens when employees compromise security?

Access cards are designed to limit entry to restricted physical locations. When shared, unauthorised personnel could enter secure areas such as control rooms, rail lines, large construction sites, data centres, power plants or indeed any site meant to be kept secure. This creates opportunities for sabotage, theft or corporate espionage.

Likewise, shared passwords can lead to unauthorised entry into IT systems, allowing hackers to install malware, ransomware or spyware. For example, a cybercriminal gaining access to an energy grid system could shut down power to entire regions, causing chaos to millions of people, and disrupting essential services.

And not all data breaches are caused by online hackers gaining entry through unsecure firewalls. Sensitive information held within critical sites, such as blueprints, system controls, and customer records, becomes vulnerable when access credentials are shared too, and the  disclosure of such information can have a serious impact upon a company’s bottom line, operations, and ultimately its reputation.

Eliminating the human burden

One way to prevent human error, or to thwart malpractice is to reduce the burden upon employees to be compliant, and eliminate our flaws by using technology that requires no intervention, decision-making or reason.

Facial recognition is widely used in the civil world now, despite the concerns of various lobbyists. Used correctly it is not a ‘catch all’, but an instant recognition of persons of interest cross referenced against a database of known suspects.

Our car parks are governed by automatic number plate recognition (ANPR) to gain access in and out, while border controls are using advanced biometrics for everything from facial and fingerprint recognition, through to recognition of human characteristics and gait, for both entry and to apprehend. The UK Home Office is even accelerating its transition to digital border management, using biometric technology to improve efficiencies, safety, and to track and capture known or illegal persons.

But what of the corporate world? What of the CNI sites, our airports, our national construction developments such as HS2 or our high-rise office spaces?

We always ask this very question, and also ‘can you afford a security breach’ in whatever environment you’re in? Because the smart, cloud-based technology being used by governments, law enforcement authorities and Border Force have cascaded down through the civil and corporate worlds.

Security conscious organisations are now diligently removing human error, by eliminating the human burden. With cloud managed software not only are access points managed through biometric integration, but it also overcomes the issues mentioned earlier around accountability – in that the cloud will always register who has passed through an access point, or out of it.

This is critical for both immediate safety and security but also for matters arising from a crisis, or emergency situation. It’s also less admin heavy, more cost effective and can manage and store employee records, including background checks. Employee or contractor data is encrypted, their information is safe, their interactions are secure, and businesses are protected.

Simple acts of negligence, such as sharing passwords or access cards, can open the door to catastrophic consequences, operational disruption, financial loss, and even, in the case of CNI, national security risks. To mitigate this, organisations can do worse than to implement robust access management systems, and in doing so, release employees from having to be accountable for ensuring the security of the sites in which they work.

As artificial intelligence (AI) evolves, I see even more robust biometrics coming to the fore, until such time we work and live in environments that are controlled without us even knowing security checkpoints are all around us, and access management happening at every step. It will become as ‘every day’ as an automatic door allowing entry into our local supermarket - but we’re not quite there yet.

Richard Hilson is head of sales for security access management specialist at Parking Facilities, a manufacturer of access management products and accessories

Senior Transport Planner
Islington Borough Council
Islington
£46,437 - £49,638 (PO3)
Graduate Structures Engineer
Kent County Council
Ashford, United Kingdom
£28,995 - £32,769 per annum
Transport Co-ordinator
Wirral Council
Transport Department , Cleveland Street Depot
£35,235 to £37,938
View all Vacancies
 
Search
 
 
 

TransportXtra is part of Landor LINKS

© 2025 TransportXtra | Landor LINKS Ltd | All Rights Reserved

Subscriptions, Magazines & Online Access Enquires
[Frequently Asked Questions]
Email: subs.ltt@landor.co.uk | Tel: +44 (0) 20 7091 7959

Shop & Accounts Enquires
Email: accounts@landor.co.uk | Tel: +44 (0) 20 7091 7855

Advertising Sales & Recruitment Enquires
Email: daniel@landor.co.uk | Tel: +44 (0) 20 7091 7861

Events & Conference Enquires
Email: conferences@landor.co.uk | Tel: +44 (0) 20 7091 7865

Press Releases & Editorial Enquires
Email: info@transportxtra.com | Tel: +44 (0) 20 7091 7875

Privacy Policy | Terms and Conditions | Advertise

Web design london by Brainiac Media 2020