The coronavirus pandemic highlighted the need for enhanced cybersecurity measures in smart buildings. Cybercrimes have exponentially increased during the pandemic, with cybercriminals taking advantage of security weaknesses and network vulnerabilities.
New risks due to OT and IT convergence
Making buildings smarter has created more cybersecurity risks. In the past, information technology (IT) and operational technology (OT) networks were kept separate because sharing information wasn’t required. However, the need to build smarter, more connected buildings meant an increase demand for IT-OT convergence, which left building systems more open to cyberattacks.
Attackers can exploit known vulnerabilities in both new and existing installations to manipulate operations, steal data and cause damage in the buildings. For example, hackers can use phishing emails to gain illegal access and entry into OT systems from the enterprise network; and attackers are using OT systems, such as heating, ventilation and air conditioning (HVAC) systems, as entry points into data centers and corporate IT networks.
With the number of cyberattacks on the rise during the pandemic, it is important that building managers and chief information-security officers (CISOs) secure these networks, ensuring that one unauthorized entry doesn’t result in a domino effect of system failures.
Unprepared for remote working
For the most part, the vast majority of business owners and CISOs were unprepared for its entire workforce to suddenly start working from home overnight. This new reality presented a never-before-dealt-with set of challenges.
While CISOs worked hard to maintain business continuity, establish secure connections for remote workers and take steps to prevent new network threats, they were also dealing with a near-sevenfold increase in spear-phishing attacks, since the pandemic began.
Looking toward the future, it is expected that even after lockdowns are lifted and the pandemic is over many people will want to continue a certain degree of work from home, now that employers and employees both see that it is possible. This means that CISOs will have to continue bolstering network security to deal with work from home, as well as better educate remote workers on basic cybersecurity best practices.
Making your smart building cybersafe
Being proactive about the cybersecurity of your smart building has never been more important.
Securing networks, monitoring network anomalies, identifying malicious behavior including social engineering and spear-phishing attempts, and reviewing IoT security configurations is the way forward.
Additionally, it is recommended that smart building managers and CISOs to do the following: enable firewall protection and ensure the corporate network is only accessible from whitelisted services; disable unused ports; apply network micro-segmentation by creating virtual networks to isolate IoT systems from other critical IT systems; enable monitoring and diagnostics and review them regularly; and prepare and update the incident response plans according to the current risks.
Future of cybersecurity for smart buildings
The cybersecurity landscape is constantly changing, and, therefore, risks and technologies are always changing. Smart building managers and CISOs must work together with technology providers to address evolving requirements.
To succeed in the post-COVID-19 era, technology providers must rethink their strategies and offerings to accommodate a new security landscape. And they must continue to monitor customers’ needs and adjust sales, service, and training accordingly.
Furthermore, CISOs must now prepare for the future. This includes determining how to allocate limited cybersecurity budgets to support additional modifications.
Adapted from a&s Magazine
