Networked devices increase cyber risk for building systems

Companies face an increasing but under-recognised threat from cyberattacks on building systems and facilities managers need to act now with IT professionals to address the issue, warns research and advisory firm Verdantix.

It says that a sharp rise in the number of connected devices across building systems mean that the operational technology used to run facilities creates a growing risk of cyberattack.
Connected OT networks are converging with their IT counterparts, blurring traditional lines of responsibility for cyber security, just as ageing building systems require replacement, and the number of attacks rises.

Verdantix warns that without sufficient security controls, these systems could introduce significant new risks and more entry points for cyber criminals to exploit. It says that the past five years have seen a massive explosion of Internet of Things (IoT) sensors and smart devices deployed with firms frequently selecting these smart devices based on cost and functionality, resulting in facilities having many devices with poor inbuilt cyber security controls.

Cyber-attacks aimed at IT systems cost businesses US$945bn in 2020, it is estimated, through damage to data and systems, lost productivity, and theft of money, intellectual property, and personal data despite US$145bn in cyber security expenditure.

Rodolphe D’Arjuzon, global head of research at Verdantix said: “The first step for rebooting a smart building cyber security strategy is defining clear responsibilities and embedding cyber management into facilities operations across procurement, technology management and staff training.

“Facilities managers should not develop a siloed cyber programme on their own, but rather partner with their IT and security peers to integrate cyber security into different building management processes.”

Verdantix’s Best Practices: Enhancing Your Smart Building Cyber Security Programme found firms are not aware of the full extent of their risk exposure from their OT, as they often do not keep registers of connected devices, or the level of cyber security protection provided.

Compiled after interviews with experts from the cyber security, IT and building technology sectors, the report shows how companies can adapt. Its publication comes as more connected devices via the Internet of Things (IoT) transform the landscape, but just 32% of firms evaluate IoT security risks as part of the onboarding process for third parties and just 54% run penetration tests on their IoT devices.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.