Improved building system technology is making today’s smart buildings safer, more energy efficient, and more attractive to tenants. But ESD, now Stantec Studio Leader and Senior Security Consultant Coleman Wolf says building automation system (BAS) improvements could come with new vulnerabilities. (Read more about intelligent building security.)
As cybercriminals find increasingly devious ways to infiltrate building systems, facility owners, operators, and managers need to invest in better cybersecurity measures.
Sensitive data held hostage is an all-too-common theme in the news recently. From SolarWinds to the Colonial Pipeline, cybercriminals have been flaunting cybersecurity gaps in major organizations, leading to multimillion-dollar ransom payments. And while it is tempting for building owners and operators to rest in the false sense of security that they are off the radar of bad actors, Cybersecurity Practice Leader Bryan Bennett says that could be a costly assumption.
According to a 2020 Federal Bureau of Investigation (FBI) Internet Crime Report, cyber-attacks are a growing threat for small businesses and the U.S. economy as the cost of cybercrimes climbed to $2.7 billion last year. Bennett says as operational technology (OT), building systems, and other internet of things (IoT) devices become more connected to information technology (IT) systems, there are more opportunities for bad actors to exploit cybersecurity vulnerabilities in businesses of any size. According to Bennett, the reason is simple: Easy money.
However, Bennett notes the real cost can go well beyond a ransom payment. Businesses can also suffer damage to business continuity, production time, potential customers, and reputation. Building owners and operators may lose the trust of tenants. Bennett says investing in a qualified third-party agent to uncover cybersecurity vulnerabilities before they are discovered by hackers is money well spent.
In addition to doing a cybersecurity audit every six months, other best practices to protect your facility or business from cybercrime are to train personnel to spot suspicious phishing emails, follow good web browsing practices, and create strong passwords. Extra care should also be taken to protect sensitive customer and vendor data and to back up systems regularly.
This article was subsequently posted by leading industry publication Consulting-Specifying Engineer (CSE) magazine.
Bryan Bennett has been evangelizing for better IT security strategies for over a quarter-century. His mission to protect organizations from the financial, reputational, and individual costs associated with cybercrimes fits well with ESD’s mission to improve society through the built environment.