Intelligent buildings are based on the convergence of physical assets and IT systems. This can improve productivity, wellbeing, and sustainability, and cut costs, but if left unsecured it can make buildings vulnerable to malicious actors who can exploit these new potential openings to access company data. This, in turn, requires a converged approach to security.
Tools like Shodan allow ‘siegeware’ to become a credible threat. Siegeware is a term coined recently to describe a kind of ransomware attack against a smart building, named for its functional similarity to a medieval army besieging a castle. It involves extorting a company by threatening to shut down the functionality of a building automation system that the attackers have gained access to by exploiting poorly-secured remote access.
They can also restrict direct access to the ‘front-end’ of a system, making it harder for criminals to gain access by exploiting the human error and credulity of employees via fraudulent emails and social media. It is also imperative that every user has the correct level of access—ordinary employees, for instance, should not have admin privileges—and has a unique password and username known only to them.
Furthermore, audits should be regularly performed to eliminate vulnerable connections. In one example, hackers gained access to a printer that had an unsecured connection to a wireless network—the company didn’t realise it hadn’t been disconnected—and they remotely printed out a false bomb threat that cost the company significant revenues and reputational damage. A subsequent audit revealed the connection had not been disconnected, forcing the company to change its practices.
It’s a fairly simple concept: cybersecurity automation will undertake a number of ‘banal’ tasks that would have previously been a significant time sink for the security team, such as monitoring emails, reverse engineering malware, removing malware, making vulnerability assessments, performing VM snapshots, detecting threats and containing issues. It can potentially do these tasks in mere seconds, requiring no additional action.
This makes a huge difference when protecting smart buildings from hackers and malicious actors, simply by removing the chance of human error, and providing a constant level of protection from incursions that allows the security team the opportunity to work on their active response to threats.
At Intelligent Building Europe 2021, you can discover best practice when it comes to smart buildings in a full programme of seminars and presentations. Better still, you can complement that with converged security knowledge at the co-located IFSEC International 2021, which you can enter for free with your event badge. Register your interest today and don’t miss out!