The more you connect building systems to the IoT, the higher the risk of vulnerability becomes. Cyberattacks can come through an HVAC system, a BAS device, or an unsecured port. Cyber risk management is complicated, with new threats arising daily. To ensure the protection of the organization’s sensitive data, cybersecurity should not be left to facility management staff or IT personnel that are not cybersecurity experts.
The pandemic has increased risk due to remote work models increasing exposure to malware and attack. The human role in exposure is significant. By using company email accounts to visit non-essential sites like entertainment, news, retail, and gaming, employees increase risk of infiltration. Exposed personally identifiable information (PII) is exploited to access sensitive data and critical operations.
Energy Efficiency Efforts Are Leaving Companies Vulnerable
Advanced smart technology is a key component of green buildings. The benefits of using smart tech are clear and incorporating connectivity into the building systems is required to meet government compliance in most cases. Building automation systems (BAS) allow building managers to gain greater control over the efficiencies of building and operating systems. But the higher connectivity increases the vulnerability of the building and its occupants to attack.
Many BAS are exposed to the internet without having a default password. Many others may not have a firewall. These basic security measures are often overlooked as smart tech is installed. Smart building stakeholders must consider cybersecurity a priority as they develop strategies to operate and maintain their buildings into the future.
Tech Giants Taking Action
The global tech giants recognize the growing threat and have taken steps to mitigate it. The two-step authentication that has been added to many platforms is one of the efforts implemented to minimize hacking attempts. Here are some other activities the big tech companies have included in their planned strategies to cope with exposure.
Microsoft supports public policy efforts to secure cyberspace. Their strategy includes four areas where they are focusing effort. Microsoft works with governments around the world to develop risk management strategies for cities to increase their cyber resilience. Microsoft is committed to providing a deeper understanding of cloud computing and how to do so securely.
Microsoft believes that there should be international cybersecurity rules of behavior and is advocating for policy to govern the online environment. Microsoft engages in worldwide legislative and enforcement efforts on cybercrime to drive consistency and coordination. Microsoft adds its weight to these critical endeavors to secure cyberspace against new and emerging threats and to maintain trust in technology.
Apple has joined the Cyber Readiness Institute (CRI) as a co-chair to assist small businesses in protecting their enterprises. The CRI focuses on small to mid-sized business, raising awareness of cybersecurity. This may be part of Apple’s agreement with the White House to improve supply chain security resilience. Apple’s strategy is to work with suppliers to adopt multi-factor authentication, security training, vulnerability remediation, event logging and incident response.
Apple launched App Tracking Transparency (ATT) which gave iPhone users the choice to opt out of allowing apps to track and share information. Early reports show that users are taking advantage of the privacy app and it is impacting marketing efforts by big consumer companies.
Amazon has offered their exemplary employee cybersecurity awareness to the general public at no cost. By making this training publicly available, Amazon hopes to keep more people safe from attack.
Amazon has also introduced multi-factor authentication, providing multi-factor authentication devices, free, to qualified Amazon Web Services (AWS) account holders. This extra layer of security will reduce Amazon participants’ vulnerability to attack.
IBM will be providing training for 15,000 people in cybersecurity skills. They aim to establish “Cybersecurity Leadership Centres” in universities across the U.C. IBM Research and Development in collaboration with the Ben-Gurion University of Negev established the IBM Cyber Security Center of Excellence (CCoE). The center looks at market and technology trends and investigates possible security exposures. This leads the development of solutions that are incorporated into IBM”s security product portfolio and influence security practices worldwide.
Best Cybersecurity Practices
- Cybersecurity is part of an organization’s brand and should be incorporated into the core values of the company and not treated as an added cost.
- Hire a chief information security officer, or cybersecurity consultant organization. Do not leave cybersecurity as an added responsibility for the head of engineering, COO or another team member.
- Define security strategic objectives with the leadership team, setting goals and outlining capabilities.
- Instruct personnel to avoid using corporate email and credentials outside of the work environment.
- Limit the use of personal data in corporate and social networks.
- Use strong password policies, and do not use the same passwords outside the work environment.
- Continuously monitor external threats for exposed credentials.
The general public is highly aware of cyber risks. Raising cybersecurity on the priority list, internally and externally, will increase consumer confidence in your organization. Each time a device connects to the IoT, take steps to protect your business, your employees and your customers. Albireo Energy, a BAS provider, offers services to assist in the design and implementation of smart building systems with security features. Albireo can be the cybersecurity partner that helps you develop you cybersecurity strategic plan and walk you through installation and operation to keep your facility in compliance and secure.