Smart Building Cybersecurity Solutions
Is Your Smart Building Protected From Cyber Threats?
Until recently, threats to smart buildings haven’t really been on the radar for most property owners and managers. However, according to Forbes, cyber-attacks increased by 50% during the last year. With the threat to smart buildings looming large, property owners are giving the topic more attention.
The number of attacks against smart buildings is expected to grow as more buildings use smart devices connected to the Internet to control everything from the temperature to building access. While there are countless benefits that buildings will realize, like improved energy efficiency and more secure access management, it's important to consider and mitigate the risks to your tenants.
If you’re a smart building owner or manager, we can help you assess your cybersecurity requirements, assess your vendor options, negotiate your agreements, and even help to oversee any installations or integrations. Contact us today to speak with one of our technology advisors.
Why Are Smart Buildings Vulnerable To Attack?
Smart buildings utilize a variety of Internet-connected hardware to make it easier for tenants to consume content, automate tasks, and improve their overall efficiency. Everything from your Apple TV to your Nest thermostat or your iRobot vacuum connects to the Internet, making it vulnerable to an attack.
Known as IoT (Internet of Things) devices, these devices are connected to each other via a network. Building automation networks are typically deployed over Ethernet IP and twisted pair networks such as RS485. These standard connectivity protocols create a weakness that cybercriminals can exploit with expensive or dangerous consequences.
Just how likely is an IoT attack? A lot more likely than you may think. For example, in 2016, malware named Mirai was used to infect more than 600,000 individual IoT devices. These devices, called “zombies,” were then used to launch a DDOS attack against a DNS provider resulting in disruption to major websites such as Airbnb, Netflix, PayPal, Visa, Amazon, The New York Times, Reddit, and GitHub.
Most IoT devices run embedded operating systems (often variants of Linux, a free, well-documented, and open-source OS) on small micro-controllers that allow them to connect to the Internet. Despite considerable time being put into developing the intended use for the hardware devices, it’s not often as much time is spent on securing the devices. This combination of powerful yet straightforward devices connected over an open network creates a large and vulnerable attack area.
CSO Online reports that attacks on smart IoT devices doubled last year. In a similar report, Symantec found that there are at least 5,100 cyber-attacks on IoT devices every month.
Typical Cyber Attacks On Smart Buildings
The benefits of smart buildings are usually fairly straightforward. Building owners and residents can enjoy improved building efficiency, usability, and security, controlling various aspects of their day-to-day life right from their smartphones.
However, as we’ve discussed, the downsides to integrating smart solutions into your property may be less evident. Cyber attacks on smart buildings can take many shapes. They will typically include malware attacks, spyware attacks, and even ransomware attacks.
What’s problematic about many IoT attacks is that a device can be infected without showing any signs of infection. In many cases, malware infects an IoT device to use it as a “zombie” device. Unless the malware is actively utilizing the IoT device, there would be almost no way to know it was even infected.
What makes it worse is that some attacks can take months, even years, to be detected. Your organization or tenants could be losing money without being aware of it.
Causes of Cyber Attacks on Smart Buildings
Because smart devices in buildings perform any number of varied functions, there are many points of entry for malicious actors. Some of the solutions to these problems are simple, but some require a dedicated expert to keep an eye on things as the attacks become more sophisticated and need smarter prevention measures in turn. Here are a few of the most common causes of cyber-attacks in smart buildings.
Human Error
Users in a smart building are often the ones who leave the systems at their most vulnerable states. Mistakes are typical in our everyday lives, but operating in a smart building, one mistake could lead to the downfall of an entire system’s security.
Someone could accidentally download malicious software from an email or not follow secure password protocols, keeping old passwords that are easy for hackers to guess or break. While it would be impossible to achieve mitigate all human error, you can share basic security protocols and processes to follow with your network users.
In addition, if you’re the network administrator, you can install different software and filters to try and filter out any malicious attempts before they reach your network users.
Outdated OS
Automated devices in smart buildings can be easily accessed if they’re outdated.
The devices and touchpoints around smart buildings should be running on the latest operating systems to keep security protocols up to date.
If you’re using an outdated OS in a smart building, it creates easy access for cybercriminals to enter the network.
Cybercriminals use malware that targets older OS versions on devices allowing them to exploit vulnerabilities that are fixed in the newer versions.
Outdated software also leads to compatibility issues with specific devices and increases the vulnerability to cyberattacks.
Smart Building Automation System
As much as automation in a smart building makes life easier on the management side, it’s also a significant vulnerability.
Despite the interconnected lighting, climate, and elevator systems in a smart building making everything more efficient, the security protocols behind them aren’t as robust as we would like them to be.
Smart buildings not encrypting data in their heating, ventilation, and air conditioning systems create massive entry points for cybercriminals to access.
It’s essential to block any potential entry point by using encryption techniques.
How To Prevent Cyber Attacks
Property owners and managers need to make a concerted effort to protect themselves, their buildings, and their tenants from potential cyber-attacks. Preventing cyber attacks typically involves a multi-faceted approach that includes software, hardware, and user education.
For example, you can run all of your building-wide smart solutions like access systems on one network to which only a limited number of users can connect. By doing this, you’re reducing the potential number of people that could accidentally infect the system.
In addition, you could provide educational and training materials to all users that will be connecting to a shared network. Periodically testing these users with false phishing or fake malware attempts is another excellent way to ensure users stay vigilant.
Finally, regularly scanning and monitoring your hardware and networks for malware, spyware, or other potential vulnerabilities should be prioritized. The more interconnected your building is, the more devastating a cyber attack could be, so it’s essential not to cut corners when it comes to your Smart building cyber security solutions.
Enhance Your Smart Building Cybersecurity with Converged Services
If you own or manage a smart building or are planning to retrofit or develop a smart building, investing in your cybersecurity solutions is just as important as investing in your physical security and emergency solutions.
At Converged Services, our team of technology advisors can help you assess your cybersecurity requirements, select your vendors, negotiate your agreements, and manage the integration process. We have more than 25 years of experience negotiating telecom and technology agreements for clients around the country. Contact us today to schedule a consultation with one of our advisors.